special
commented
8 years ago @taoeffect on #301:
For security critical programs an auto-update mechanism is critical.
If a vulnerability is found, then users must be able to find out about it and get the fix as soon as it's released.
On OS X this is accomplished via Sparkle.
Ricochet, unfortunately, is written in C++ (see #285). However, I know that YouTube to MP3 (which appears to be censored from Google search results...) is a C++ program with a built-in autoupdater similar to Sparkle, so perhaps that or something else can be used.
ghost
strugee
It's really important that users stay up to date with new versions.
We should figure out a simple, but secure and privacy-preserving way to check whether updates are available and encourage the user to (safely) get them.
For example, we could fetch something from a hardcoded hidden service once every X, on some randomized schedule. In the simplest version, that could just be a statement saying "the latest version is N".
It might be worth adding an offline signature, a changelog, an indicator of important the update is, a statement expiration, or other fancy things.
I think we should avoid offering an automatic download of the update in the first iteration of this, but it's probably worth adding eventually: we can verify signatures, whereas most users won't.