Hi, (Please Cc: any subsequent reply to the public tails-dev@boum.org ML.)
> Tails should try to check for updates over Tor regularly to ensure > that it hasn't been updated; it should alert the user if there is no > update after a reasonable window of time. Tails does check at boot time if the running version is affected by security problems. See config/chroot_local-includes/usr/local/bin/tails-security-check in our Git repository. However, when discussing this topic, we had misread your proposal, and thought you were suggesting to check if *Tor* should be updated. Therefore, we wrote the following reply, that I'm sending anyway for what it's worth: FYI Tor is not that often the weak link that forces us to do a quick release because of huge security or anonymity issues. Our release timing depends more, say, on the Mozilla security updates schedule. Then, our problems wrt. the need for quick updates is more general, and quite harder, than if Tor was the usual suspect. We already have the infrastructure and software needed to tell every Tails users they must upgrade this or that or do whatever is needed. So, the "alerting the user" part is covered already. Maybe you were suggesting to setup some way to go further, that is to *upgrade* Tor on a running Tails system. We might want to setup semi-automated upgrades at some point (that is, we would maintain a public list of packages that can be safely upgraded without causing any harm, possibly in a APT repository, and Tails would fetch packages from there). However, the time needed to properly test and maintain such a repository, as well as the additional complexity for user support, makes us very doubtful about such a thing. (Even once we get persistence for APT caches, and even dismissing the conffiles conflicts problem, that is.) That's why getting binary-level incremental upgrades looks like a safer bet: it would be much easier to manage and support, and the upgrade process would not have to be conducted at every boot; in case you're interested, see our research and test results there: https://tails.boum.org/todo/usb_install_and_upgrade/#index6h3 --
pgp7K9NwuMrd0.pgp
Description: PGP signature
_______________________________________________ tails-dev mailing list tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev