1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
|
Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192]
helo=mx.sourceforge.net)
by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <wendel@314t.com>) id 1V6LxA-0002l2-BR
for bitcoin-development@lists.sourceforge.net;
Mon, 05 Aug 2013 14:40:08 +0000
X-ACL-Warn:
Received: from mail-la0-f45.google.com ([209.85.215.45])
by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1V6Lx8-0000BT-II
for bitcoin-development@lists.sourceforge.net;
Mon, 05 Aug 2013 14:40:08 +0000
Received: by mail-la0-f45.google.com with SMTP id fj20so2139183lab.4
for <bitcoin-development@lists.sourceforge.net>;
Mon, 05 Aug 2013 07:39:59 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=google.com; s=20120113;
h=sender:from:content-type:subject:date:message-id:to:mime-version
:x-mailer:x-gm-message-state;
bh=90T3gqZs//qRiTPJATi+m0+U6kiJTN016JlFJLFLikI=;
b=apD44GdCeDO2DaLAPpZ3vi52Qf4xsapZHswWKmAFlWrnq4sW6pcD8aOgBH9CwRNlfA
UV/zt2lIM1fws8klMfpkMXoWsBwC85rw/4UxqIA+PtrzXFYQVNxg57huVZ+Sn3+Qtvyw
gKYfsmuO2u1OjugXmlMLEabnyxMPuNWYLjthARQOlUU+4npp4KGF4I9E8s+avx+cDzi9
xW1e38VmerXw6Cc2uthq0+mngqQzlTaF119IzN6XcvVNT37KhnUU7H45fChD9S25OXQ7
s3WltCD1T5srswpkuX9+KS/aW1lgMROW49tcHL7sU2swjqrm1Fc+C4TYVauMPmms605o
gxQQ==
X-Received: by 10.112.135.99 with SMTP id pr3mr9001586lbb.23.1375713599764;
Mon, 05 Aug 2013 07:39:59 -0700 (PDT)
Received: from [127.0.0.1] (tor-exit0-readme.dfri.se. [171.25.193.20])
by mx.google.com with ESMTPSA id k6sm9561822lae.9.2013.08.05.07.39.55
for <bitcoin-development@lists.sourceforge.net>
(version=TLSv1 cipher=RC4-SHA bits=128/128);
Mon, 05 Aug 2013 07:39:58 -0700 (PDT)
Sender: w grabhive <wendel@314t.com>
From: Wendell <w@grabhive.com>
Content-Type: multipart/signed;
boundary="Apple-Mail=_B197055C-92EA-4B95-9731-20410C73E52D";
protocol="application/pgp-signature"; micalg=pgp-sha1
Date: Mon, 5 Aug 2013 16:39:49 +0200
Message-Id: <EE3869FD-6D83-469A-BF4F-31B79CA9950F@grabhive.com>
To: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Mime-Version: 1.0 (Apple Message framework v1283)
X-Mailer: Apple Mail (2.1283)
X-Gm-Message-State: ALoCoQkgz7/1kFENo+JsL0XKTH0wxN/ymqRm5xW3ITQTLFbSbYhF7rhRGuxU2YMz24jS/boGMBBF
X-Spam-Score: 0.0 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
X-Headers-End: 1V6Lx8-0000BT-II
Subject: [Bitcoin-development] Safe auto-updating
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Mon, 05 Aug 2013 14:40:08 -0000
--Apple-Mail=_B197055C-92EA-4B95-9731-20410C73E52D
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=us-ascii
For usability purposes, we at Hive would like to have an auto-updater in =
our wallet app.
What is a safe way to do this? I understand that Bitcoin-QT lacks such =
an updater for security reasons... Has been thought out in more detail =
since that decision was made?
We have been toying around with the idea of placing one server behind a =
Tor hidden service, whose only function is to output a checksum of the =
update package. The theory is that if it is well-secured, it will at =
least be immune to tampering at the physical hosting level.
Any thoughts or advice about any of this?
-wendell
grabhive.com | twitter.com/grabhive | gpg: 6C0C9411
--Apple-Mail=_B197055C-92EA-4B95-9731-20410C73E52D
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename=signature.asc
Content-Type: application/pgp-signature;
name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
iQIcBAEBAgAGBQJR/7k2AAoJECAN2ykHU5Y648cP/1eR5/yiTcX0NYmxmfr9rKaR
zM3B1e6Xv+rDQaCx73aPUuXGzyAyHwJGbAg1mYgr1pXr7pHW9TRBsv58ejGqS9iV
Gg5sPuT4idPDlHFeckn09vCtAUci92N7hL7auPJZODhnhIkllxQsHKeN+YGiu5E8
3zVcMCHSJRIy64XASXPBSt4+h8K+4Cu2s1XSM0wx1UL6VKmH2actmtgaidrFcB7V
pCRdACuWhtp95Lng5snPSOZgULXjCLQK2rV5eB0WfIV5O2yCbsj0yOCWs2ONz5BK
zAa1giDn88BbbShmn9JZ5d0RIWF6CNuAIGvECt/KMkSs9rFE673f+Ufd/KBykojo
1jZ0E81uBjRxbly7Sh3+xpl0Z4kW/FNcksFL0s5AnOFTKM3zfXYwadcGpFOPxEBc
4OlB/ONSwV2ipddQabDnn39+//wDC9WmdUFUpmMjHCESysH+fsIuzu3E8kdtW5X6
ZfotxuUTZ5Y2XTEqj44RQYahISRWK5X0Bw0lLk0CoZ5Qnz01ullMzzCdiNcaTVBi
eO6cR5IURPrCt4DqKoyqQi7p+mOT3cgkdrq5Gf+RVwwkXthTXE3CPtHuKEY+1cgh
a2fZidbP9c64fi/4s/rSJ03mLqOJpGeBd1GnSJs2nFQplx1Blf4aQUP0VsDMZyZT
Ev/GNyoP2tIgszLSySTe
=X7PJ
-----END PGP SIGNATURE-----
--Apple-Mail=_B197055C-92EA-4B95-9731-20410C73E52D--
|
