-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 hi, debian-cd list. this is my first email here.
since debian and tor project announced the availability of onions for package upgrades and installs through apt-get, i've been exploring ways to create images so users can install debian over tor from first run. despite some success with experiments, the main issue is that, as an anonymous person, i'm not trust worthy. now that apt-transport-tor is part of jessie, would it be possible for the debian project to create a netinst.iso and live.iso that implements tor, apt-transport-tor and the onions in /etc/spt/sources.list? that way, debian could gpg sign it as usual and there would be no concern of potential tampering from someone like myself. i work on a guide that uses debian as a host and whonix as the gateway and workstation that is aimed towards novices who wish to explore methods of privacy and anonymity. such isos would allow for the guide to use tor from practically start to finish, which is ideal, in that third parties would have a more dificult time knowing if anyone is installing debian. if there is any way i can help make this happen, please let me know. cheers, @jetblackcloud - -- gpg key - 0x2A49578A7291BB34 fingerprint - 63C4 E106 AC6A 5F2F DDB2 3840 2A49 578A 7291 BB34 -----BEGIN PGP SIGNATURE----- iQJ8BAEBCgBmBQJXsVBUXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2M0M0RTEwNkFDNkE1RjJGRERCMjM4NDAy QTQ5NTc4QTcyOTFCQjM0AAoJECpJV4pykbs0/mwP/3dJeaC9UC2WY4OpNn2YBiFl 0PVabohf6LFkK6fQZ+YWQxRSj36g+WmYxU7K9cHOnf9ldTARLALaP7HVjRloM8mP Z1ay250cyNyiyPgr951YMmNfkKfRre3z66ir6FLy5rs0w+BrbRuHyaBiWdpPK5jF 05CDjCyeQgP13jI5ZARBBWRbKvkAVxw7Buzre1wd2YArwWP4MTFRUZgplUVXWihg 21oHqC5X9QXRpIJTvpPABn33mz3zqwmM/t6Xt5NzSTE5dVvlRkzhrfmmSYeMpfLm Wj1SJvcwBjdo7JLvK4kQBtlxDwV45a0Ph/TTnHvNLWdgxWTZvNbqI/K8jPoOqbzO Kz2hnMzlZ45v/u5e19s4KYxZzoTlgYgCDmNIZfEbR6OoEfnc9lISXNNEM5UbMG8A W/D4cw5re5xaeM8E54vc3mgE5CbRIoueJaALjCRHUOt1UZ76a/fZSk7QR0ywhykB gVMVdNMzqJIRqz5R5oxntgdJWE8XnMmGtdjoznoPE4O4PPBVlrtmRe7fA7V/wqEf YRkEm6uJI/KEFKyo0vMT/+mDlhHNmlD5LBiz1aDHTi784hJ4VauvzSYlTb+OwZqg qpr1y2HFrajdLH1zuAfdHWdpbwxAPX0NXgXU1z512cyTF85pRZXGGNkrYnDuM/1F WPUw9OZcs3VPQpZJ+FOM =2idN -----END PGP SIGNATURE-----