Investigate ways to make the install/update download process more robust.
In particular this applies to updates that are always fetched over tor. The file downloader should be more robust to failures and maybe transparently retry without kicking the user back to the interface.
In the case of failures I'm not sure if I should force a new circuit or not either...
If/when the update process moves to being done primarily in the background, this can pushed back because the background downloader can be made to retry properly with less thought about the UX.