sajolida wrote:
Together with Giorgio Maone from NoScript and tchou we designed a crazy
new plan to solve a great deal of ISO verification for the masses.
Here it is:
https://tails.boum.org/blueprint/download_extension/
Please everybody, check the scenario that we are proposing there, so we
all agree on the plan.
I like this idea a *lot* (and am doing something similar for
distributing Tor). Are the repos public? Would love to take a peek.
One issue that I see is that this method relies on people having a
secure connection to the Firefox add-ons site. This is not always the
case, and there are lots of MITM anecdotes involving FF extension
installation/updating. Also, this extension should allow users to
select any local file to verify the hash. I would additionally request
that there be an option to simply generate a sha256 hash so that users
can attempt to verify other software as well.
best,
Griffin
_______________________________________________
Tails-dev mailing list
[email protected]
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to
[email protected].
