Bitcoin Forum

Since there can be important security updates and a lot of people don't check the site, the Bitcoin client should have an optional auto-updater (on by default), with "how often?" options ranging from each five minutes to each day and an option to install without asking (only security updates or all updates?)

+1, updating from existing clients would be a useful feature.

I can see this as a security risk if the updater were able to be set to automatic.  Invariablely, some users will disregard the risks in the ongoing absolute trust of a particular server, and enough might be able to break the system if some cracker were to be able to compromise that trusted server and replace the client download with a compromised client with malware.  Even if that only lasted for a short time.  If the client were to ever include an update notification function, I disagree that it should *ever* update without user verification.  Even a normal client modified to send a copy of your wallet.dat file to a particular email address would screw a lot of people over in a hurry.

I agree with creighto, I think at most the client should give a notification that there is a new version available, but I don't like the idea of auto-updating.

I was thinking of automatic updating being off by default (but checking being on by default). Update user verification is useless for me because I always click yes -  It's rare that the update server is being played with, but even if it were, I would not be able to tell.

How about using TLS for authenticating the update server?

People who don't download and install update is at a security risk. There will be many more security risk incurred from outdated clients than there are in an unlikely hacking attack. It's a tradeoff.

That's why crypto-signed updates have existed in software systems for over a decade.  You don't need to trust the server, if you have a public key stored locally.  Fedora, Ubuntu, Debian etc. sign all their binary software packages with GPG, as an example.

Eventually bitcoin will catch up with the times :)  Even without auto-updates, this is a serious vulnerability with the packages on bitcoin.org (http://www.bitcoin.org/).  Posting SHA1 sums is useless without a cryptographic signature of some sort.

Also, if someone maintained a package and submitted it to distributions, it would already be auto-updated without the need to build it into the client.

Unless you run Windows.

Not without the user's permission.  Some packages are not updated automaticly for similar reasons.

That's easy - just make Bitcoin come with a Debian VM.

What about storing the update hash in the bitcoin journal?