[Pkg-privacy-maintainers] Bug#814432: Bug#814432: tails-installer should download and authenticate live ISO images
intrigeri at debian.org
Thu Mar 10 10:31:36 UTC 2016
Control: forwarded -1 https://labs.riseup.net/code/issues/9798
Antoine Beaupré wrote (11 Feb 2016 14:39:39 GMT) :
> I am exaggerating, of course, but I was expecting something more like
> the tor browser launcher, which actually downloads the software for me
> and does the busy things of verifying crypto signatures and
OK, so we have two problems here:
1. You were expecting something else than what the software actually
does; the package description reads "Tails Installer is a graphical
tool to install or upgrade Tails on a USB stick from an ISO image";
I'm not quite sure how we can improve it to make it clearer that
one needs to have "an ISO image" to start with. Any suggestion?
2. Tails Installer currently can't download and verify the ISO image
itself. This is an upstream feature request, that is being tracked
> That way there is a trust path between me and the
> developpers that does not depend on the CA cartel (as I understand the
> current approach seem to depend on).
Almost: the current approach depends on one specific CA.
More information about the Pkg-privacy-maintainers