Re: torified netinst.iso and live.iso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Steve McIntyre: > This sounds like a very good idea, thanks! As far as I can see, > we'd need to: > > 1. add the extra packages (tor, apt-transport-tor, anything else?) > > very easy - I can add those to the package lists for d-i and/or > debian-cd very easily > > 2. change the sources.list to use those and the onion addresses > > slightly more involved - we'd need to tweak things, maybe give > users the choice during installation > > 3. if the user chose to use tor at install time, change d-i itself > to use tor for even the initial installation packages > > much more complex - we'd need tor support built into d-i too, I > guess > > If we'd want #3 too, that will need development work in d-i from > somebody who knows tor? > this is it, in a nutshell. goal would be to do the initial base/package installs over tor at install time. that way, if someone downloaded the netinst.iso with torbrowser, all of the debian install process would later be torified as well, effectively blocking various levels of eyes from seeing that debian was ever used. thank you for the reply. - -- gpg key - 0x2A49578A7291BB34 fingerprint - 63C4 E106 AC6A 5F2F DDB2 3840 2A49 578A 7291 BB34 -BEGIN PGP SIGNATURE- iQJ8BAEBCgBmBQJX4hq3XxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2M0M0RTEwNkFDNkE1RjJGRERCMjM4NDAy QTQ5NTc4QTcyOTFCQjM0AAoJECpJV4pykbs04SAP/38Rf8pr9ebtotPUO5XwVbWE D0osbYnDGtA9EooieArJ3NbISo+yJfDrWjpr4Pymb4tIerv+x+pUCLzwPIMSikVC S2vo4wZtbKql/Z1cSuFlyuhVrmwpv9MOQfoTdj+PQfofujqxWqwc2VQeUBtU8QFN SYanyCZ9eXjQaQz3IliCVdDL7PfcWqxO7OjCkkyFRsWnPyS/hK2v6iu/mOdZVu6X ExqguZk2SXCQdOOkoXhMMT4EH7+beFGDcwIdCuITj8usfP54wMIVgNUvAjj3//QY uneND0BB9/VxF+8y1yoXsPk5PlUjs8BDNfRXYeKKgK+cUK0oCmlPoOqo9XAr53pu 6MOgoLG/mMNw/2VWuTm4VDd/V/ijnqz9B5tgCBP34CeFdCKwQiHUoXTJJ7vPbSfn d5/q850BRnzrxNsZtDUJ4HURlp2dTUPLowY8tR1VQ4uV+Z4LTeLo7zlU1W77h0F6 9TrfrxOy9IoDvhZhOueLJzpaK/fx2Lb24WHNVc8zF58O8qxs4boZk1qZE9nkDCxC BKIOticlerw9VilZT+lMLlN3iK855WOv4dmetyTZ2lD4ZgQ9kTOGyzD7XKZDxeFe cLF2x9LtH5oe8ywwCy1NhOxWyFFsgjhDTx3Etill3oyTtl/kwm+IdQou7apqSs4u fLLjFapnPhHS8dAbbCso =F6e7 -END PGP SIGNATURE-
Re: torified netinst.iso and live.iso
On Mon, Aug 15, 2016 at 05:17:00AM +, Tempest wrote: > >hi, debian-cd list. this is my first email here. Hi! >since debian and tor project announced the availability of onions for >package upgrades and installs through apt-get, i've been exploring ways >to create images so users can install debian over tor from first run. >despite some success with experiments, the main issue is that, as an >anonymous person, i'm not trust worthy. > >now that apt-transport-tor is part of jessie, would it be possible for >the debian project to create a netinst.iso and live.iso that implements >tor, apt-transport-tor and the onions in /etc/spt/sources.list? that >way, debian could gpg sign it as usual and there would be no concern of >potential tampering from someone like myself. > >i work on a guide that uses debian as a host and whonix as the gateway >and workstation that is aimed towards novices who wish to explore >methods of privacy and anonymity. such isos would allow for the guide to >use tor from practically start to finish, which is ideal, in that third >parties would have a more dificult time knowing if anyone is installing >debian. > >if there is any way i can help make this happen, please let me know. This sounds like a very good idea, thanks! As far as I can see, we'd need to: 1. add the extra packages (tor, apt-transport-tor, anything else?) very easy - I can add those to the package lists for d-i and/or debian-cd very easily 2. change the sources.list to use those and the onion addresses slightly more involved - we'd need to tweak things, maybe give users the choice during installation 3. if the user chose to use tor at install time, change d-i itself to use tor for even the initial installation packages much more complex - we'd need tor support built into d-i too, I guess If we'd want #3 too, that will need development work in d-i from somebody who knows tor? -- Steve McIntyre, Cambridge, UK.st...@einval.com < Aardvark> I dislike C++ to start with. C++11 just seems to be handing rope-creating factories for users to hang multiple instances of themselves.