Thanks to Rusty Bird (https://lists.torproject.org/pipermail/tor-talk/2014-December/035886.html) I tested, that creating a file
with the content
would disable applying updates using Tor Browser's internal updater. tb-updater could create that file after extracting Tor Browser. It's simple to develop.
Now I am wondering if a stable update or adding this at all would be worth it. I think after TPO fixed verification, users would demand another stable update. So this endeavor would cost some time for maintenance. Is it worth it? Any input?