Tor Browser update security
I'm watching a user update their Tor Browser and they not only went and downloaded it, they opened the .gz, unpacked it and ran it.
I suspect it would be straightforward to have a small handler for opening Tor Browser downloads that verifies the download with a very small build of gpgv. Combined with the new Firefox cert pinning, I'd feel rather good about downloading updates as we clearly (I hope someone clarifies otherwise!) won't have Thandy anytime soon.
I imagine that it would be a nice way to ensure that there is only one leap of faith, ever. The first is unavoidable and afterwards, everything else is unnecessary.
If I wrote a patch to build/include gpgv (with our gpg keys preloaded) - would that be something we could ship? Could we easily hook it for torproject.org downloads?