It’s hard to know which is the right version.
- Version numbers are taken from this URL: https://www.torproject.org/projects/torbrowser/RecommendedTBBVersions/
- And there is no strong authentication. TLS only. No onion version. No gpg signed version.
- RecommendedTBBVersions format is not finalized.
It uses the lowest version number pointed out in RecommendedTBBVersions because other versions could be alpha or beta versions.
A messy situation worked around with this:
…which are both manual interactive methods, not --noask.
And then there is also the hardcoded version number(s) for the tb-updater in Qubes TemplateVM mechanism.
Thanks for your suggestion. Implementing downgrade protection when using --noask would be rather difficult.
I’ll change the man page from
–noask
Installs whatever https://www.torproject.org/projects/torbrowser/RecommendedTBBVersions
claims to be the latest version without user interaction.
to
–noask
Installs whatever https://www.torproject.org/projects/torbrowser/RecommendedTBBVersions
claims to be the lowest version without user interaction.
Long term my plan is rather to deprecate tb-updater since it has been causing significant development, support, maintenance effort and to rather use a solution similar to the one for electrum appimage by using package binaries-freedom.