[tahoe-lafs-trac-stream] [Tahoe-LAFS] #2761: self-update command
Tahoe-LAFS
trac at tahoe-lafs.org
Thu Mar 31 11:18:28 UTC 2016
#2761: self-update command
-----------------------------+-----------------------
Reporter: warner | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: undecided
Component: packaging | Version: 1.10.2
Resolution: | Keywords:
Launchpad Bug: |
-----------------------------+-----------------------
Comment (by leif):
As I [http://arstechnica.com/security/2016/02/most-software-already-has-a
-golden-key-backdoor-its-called-auto-update/ wrote] recently on Ars
Technica, I think a basic requirement for new update mechanisms being
deployed at this point in history is that they not introduce new single
points of failure like the one Ed25519 release key described above!
Anyway, it seems like this is something that should be implemented in pip
or somewhere else outside of Tahoe. Perhaps pip could provide an API for
applications like Tahoe to check if they are the latest version, and even
initiate upgrades? And/or perhaps pip could have a cronjob to auto-update
certain packages and their dependencies? I think removing the single
points of failure from pip's authenticity-checking regime should be a much
higher priority, though!
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2761#comment:1>
Tahoe-LAFS <https://Tahoe-LAFS.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list