[Pkg-privacy-maintainers] Bug#814432: Bug#814432: tails-installer should download and authenticate live ISO images

intrigeri intrigeri at debian.org
Thu Mar 10 10:31:36 UTC 2016

Control: forwarded -1 https://labs.riseup.net/code/issues/9798


Antoine Beaupré wrote (11 Feb 2016 14:39:39 GMT) :
> I am exaggerating, of course, but I was expecting something more like
> the tor browser launcher, which actually downloads the software for me
> and does the busy things of verifying crypto signatures and
> everything.

OK, so we have two problems here:

1. You were expecting something else than what the software actually
   does; the package description reads "Tails Installer is a graphical
   tool to install or upgrade Tails on a USB stick from an ISO image";
   I'm not quite sure how we can improve it to make it clearer that
   one needs to have "an ISO image" to start with. Any suggestion?

2. Tails Installer currently can't download and verify the ISO image
   itself. This is an upstream feature request, that is being tracked
   at https://labs.riseup.net/code/issues/9798.

> That way there is a trust path between me and the
> developpers that does not depend on the CA cartel (as I understand the
> current approach seem to depend on).

Almost: the current approach depends on one specific CA.


More information about the Pkg-privacy-maintainers mailing list