How Auto Updates Work

Qortal's auto-updates are controlled by a special type of multi-signature transaction that must be approved by the on-chain developer group (DevTeam Admins). The developer group has 'admins' like any other group on Qortal, but the admins of this group are required to sign the update transaction before it goes live. One of the core developers puts up an auto-update transaction, which sits unconfirmed until 60% or more of the developer group signs it. Once that happens, the update goes live, staggered so that the entire network doesn't update at the same time. At this point it takes about 2 hours for the entire network to update. As the network grows, it will take longer.

As the developer group grows, the number of admins will also grow, so more signatures will be required for the network to update. The nodes see the approved special transaction type and execute the update. In the near future, every Qortal registered name will have a git repo tied to it as well, so our git repo will be on QDN. That should be completed sometime around the end of the year. As it stands, the update verifies the signature of the qortal.jar on GitHub and pulls it from there. (Yes, obviously that isn't yet ideal.)

Eventually, updates will be pulled from Qortal's own network, meaning NOT from GitHub but from Qortal itself. Until then, we have to work with what is available, and literally every repo for every project is on GitHub. We will be able to help all other open source projects once Qortal Git goes live.

For those concerned about the security risk of using GitHub's centralized service: the signature is verified before the qortal.jar is pulled anyway, so it's the best we can do with the way things are until QDN has git repos. It's not that much of a risk if the file signature is verified (but obviously it's not ideal and nowhere near what we will have very soon).

Once QDN has git repos for every name, there will be thousands of copies of the git repo, one on any node that follows whatever name we end up using for the primary Qortal repos. If the signature doesn't match, the file isn't pulled. The signature is also partly published as the build number, so people can easily check their running copy's build number to double-check. Ultimately the auto-update knows both the build number and the file signature, so it can verify them too (which is much more secure than having people manually grab a file from GitHub).
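The two checks described on this page, the 60% admin approval and the file verification before an update is applied, sketched as an added example (this is not Qortal's own code). It assumes the approved transaction carries a SHA-256 digest of qortal.jar as the "file signature" and that each admin signature has already been validated; the function names, admin names and sample data are constructed.

```python
import hashlib
import hmac

APPROVAL_NUM, APPROVAL_DEN = 60, 100  # the 60% threshold stated on this page


def is_approved(admins, signers):
    """True when at least 60% of the current group admins have signed.

    Signers who are not admins are ignored and duplicates count once.
    Integer arithmetic avoids float rounding at the exact 60% boundary.
    """
    admins = set(admins)
    if not admins:
        return False
    valid = admins & set(signers)
    return len(valid) * APPROVAL_DEN >= len(admins) * APPROVAL_NUM


def artifact_matches(jar_bytes, expected_sha256_hex):
    """Compare the downloaded file's SHA-256 with the approved digest."""
    actual = hashlib.sha256(jar_bytes).hexdigest()
    return hmac.compare_digest(actual, expected_sha256_hex.lower())


def should_apply_update(admins, signers, jar_bytes, expected_sha256_hex):
    """Apply only if the transaction is approved AND the file matches."""
    if not is_approved(admins, signers):
        return False, "not approved"
    if not artifact_matches(jar_bytes, expected_sha256_hex):
        return False, "digest mismatch"
    return True, "ok"


# Constructed sample data (not real Qortal admins or builds).
ADMINS = ["admin-a", "admin-b", "admin-c", "admin-d", "admin-e"]
GOOD_JAR = b"constructed jar contents v1"
APPROVED_DIGEST = hashlib.sha256(GOOD_JAR).hexdigest()

if __name__ == "__main__":
    three = ["admin-a", "admin-b", "admin-c"]
    print(should_apply_update(ADMINS, three[:2], GOOD_JAR, APPROVED_DIGEST))
    print(should_apply_update(ADMINS, three, GOOD_JAR, APPROVED_DIGEST))
    print(should_apply_update(ADMINS, three, b"tampered", APPROVED_DIGEST))
```

Because the expected digest comes from the approved transaction and not from the download host, a file swapped on the host fails the comparison even though the approval itself is valid.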

When we add support for git, it won't be just OUR repo; it will be usable by anyone with a registered name on Qortal. Every registered name will have the potential to have a website, git repo, application, content, private data, and followers. You'll be able to sell the entire name at once to someone else on the 'Names Market', where they can pick it up and start editing what is already there with no need to modify 'hosting' or other aspects.

We'll update this page when we have more info to share on this aspect of development!

You can read more about the GitHub Replacement concept on the wiki!