On 2016-02-12 06:57, Cain Ungothep wrote:
On 02/08/2016 01:36 AM, Georg Koppen wrote:
Mirimir:
When automatically updating, does Tor browser check GPG signatures
of
downloaded updates before installing them?
The update files are not using GPG signatures (see:
https://wiki.mozilla.org/Software_Update:MAR for detailed information
about the MAR file format). They are signed, though, and the updater
refuses to install the update if the signature is non-existing or
wrong.
Georg
Thank you.
For those who wish to update manually, is it sufficient to toggle
app.update.auto in about:config to false?
Seems so. You will still be prompted to update through the MAR system,
but it won't happen automatically.
Today I discovered that TBB 5.5.2 automatically downloaded. That hasn't
happened before. Normally I am prompted and manually download the tar
bundle with the signature file which I check with gpg --verify.
I'm confused as to why this time I received an automatic download. Any
thoughts?
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
