Hi,
Ivan Ristic:
Dear Tor developers,
My SSL Labs server test has a feature where it checks for preloaded HSTS in Chrome, IE, Firefox, and Tor.
You can see it near the bottom of this report, for example (under "HSTS Preloading"):
https://www.ssllabs.com/ssltest/analyze.html?d=scotthelme.co.uk&s=107.17...
For Tor, I download the preload list from this URL:
https://gitweb.torproject.org/tor-browser.git/plain/security/manager/boot/sr...
That's the best I could find (when I originally implemented the feature), and I now see that the version number has advanced since.
Which brings me to my question: is there a public URL that always contains the latest preload list?
We are not patching the preload list. Tor Browser ships the same list as the Firefox ESR version it is built upon. So, in a sense, no, there is no such URL as we have different branches for different ESR releases. But I guess tracking the latest Firefox ESR (which you might be doing anyway) and assuming the same list for the latest Tor Browser should be working fine for your purposes.
Georg