Safe auto-updating



Summary:

In a discussion thread about automatic updates in sensitive environments, Gregory Maxwell suggested using quorum signatures and timed quarantine with negative signatures to ensure security. Peter Todd suggested putting a commitment in the blockchain itself to ensure that the act of making a release available for download is public, even if developers can control what binaries are made available to a particular target. This would involve each person on the signing list creating a transaction with a special form from a specific pubkey that commits to the digest of the binaries, and the auto-update code refusing to update unless it sees that special transaction with a sufficient number of confirmations. Developers would then be unable to make a special release for a specific target without letting the world know they did so, even under coercion. Wendell thanked everyone for their input and mentioned that a thread was raging on liberationtech about Tor Browser Bundle where the subject of automatic updates had come up.
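The blockchain-commitment check Peter Todd describes, sketched as an added example (not code from the thread or from any project mentioned in it). It assumes the updater's own chain-validating node has already verified each transaction's signature and reports its confirmation depth; the `CommitmentTx` type, the signer ids, the sample binaries and the 6-confirmation threshold are all constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class CommitmentTx:
    signer_pubkey: str     # key that signed the spend (validated by the node)
    committed_digest: str  # SHA-256 hex digest embedded in the transaction
    confirmations: int     # depth in the best chain as seen by the updater

def check_release(binary, txs, signing_list, min_conf=6):
    """Return (ok, missing_signers) for a downloaded release binary.

    ok is True only if every key on signing_list has a sufficiently
    confirmed transaction committing to this exact binary's digest.
    """
    if not signing_list:
        return (False, [])  # fail closed: no signers means no valid release
    digest = hashlib.sha256(binary).hexdigest()
    committed = {
        tx.signer_pubkey
        for tx in txs
        if tx.signer_pubkey in signing_list   # unknown keys carry no weight
        and tx.committed_digest == digest     # must commit to *this* binary
        and tx.confirmations >= min_conf      # must be buried deep enough
    }
    missing = sorted(set(signing_list) - committed)
    return (not missing, missing)

# Constructed sample data: three signer ids and two binaries.
SIGNERS = ["pubkey-alice", "pubkey-bob", "pubkey-carol"]
PUBLIC_RELEASE = b"release 1.0 as published to everyone"
TARGETED_BUILD = b"release 1.0 with a change served to one user"

def sample_chain(carol_conf=12):
    """Constructed chain view: all three signers committed to the public build."""
    d = hashlib.sha256(PUBLIC_RELEASE).hexdigest()
    t = hashlib.sha256(TARGETED_BUILD).hexdigest()
    return [
        CommitmentTx("pubkey-alice", d, 30),
        CommitmentTx("pubkey-bob", d, 30),
        CommitmentTx("pubkey-carol", d, carol_conf),
        CommitmentTx("pubkey-mallory", t, 100),  # not on the signing list
    ]

if __name__ == "__main__":
    print(check_release(PUBLIC_RELEASE, sample_chain(), SIGNERS))
    print(check_release(TARGETED_BUILD, sample_chain(), SIGNERS))
    print(check_release(PUBLIC_RELEASE, sample_chain(carol_conf=2), SIGNERS))
```

A binary served to only one target fails the check unless the signers publish matching commitments on-chain, which is the public act the scheme is meant to force.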


Updated on: 2023-06-07T15:24:11.657629+00:00