Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Or Microsoft could just poll their extremely easy to access download site (https://archive.torproject.org/tor-package-archive/torbrowse...) every hour or two to detect new versions, and then automatically add them to an exclusion list.


OK and then how long for the signature updates to proliferate to clients? This is not an easy problem. Even with your suggested solution:

1. You are up to 1-2 hours behind on every update

2. If your job fails for whatever reason you're now N hours behind until an engineer fixes it.

3. Are you going to write one of these jobs for literally every good binary?

4. What happens if TOR changes any aspect of how it's packaged? Today it's a tar, tomorrow it could be a zip.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: