Leo Unglaub:
Hey,
On 2013-02-18 18:33, adrelanos wrote:
Right, for such users it wouldn't work anyway, because downloading Tor Browser Launcher from the repository is unencrypted (but signed) anyway.
thats not 100% correct. You can use transport encryption (HTTPS) for the repository servers. You simply need to change your source.list to use https.
While it is correct, that there is an apt https package, last time I checked, not much more than a month ago, no Debian or Ubuntu repositories supported https nor are willing to do this in future. Did this change?
Even if using https, there are known file sizes, so it wouldn't really hide what has been downloaded?