Replies: 2 comments
-
This is a brilliant idea to improve the user experience. The Tor Browser works like that in Linux. They published If we decide to take this approach, we should always only support the current Java versions. Otherwise, we might get security problems. It's enough to officially support the LTS versions. This works as long as we sign the Jar files and pull the public keys from public keyservers or hardcode them in the application. I think for Windows and Mac there's no better solution. For Linux, we can make it easier. Bisq 1 generates .deb and .rpm files for Linux. We could upload these to all repositories, and then the OS updates Bisq automatically. Another approach is to generate a Flatpack package. [1] https://github.com/micahflee/torbrowser-launcher |
Beta Was this translation helpful? Give feedback.
-
See #200 for more details |
Beta Was this translation helpful? Give feedback.
-
Forcing users to download and install at each update a new Bisq version is cumbersome for the user as well for the deployer.
Another appoach would be to have a application skeleton which download the required jar files from Github (or another secure location) and loads dynamically those jars in the app. That way we only need to deploy once and then let the user dynamically upate.
We have to be careful regarding security but as its a common strategy for most software I think it should work also in Java with big issues.
@alvasw What do you think about it from security point of view?
Beta Was this translation helpful? Give feedback.
All reactions