adrelanos:
Jacob Appelbaum:
Do you plan to download TBB over Tor that is provided by the system, say by adding a dependency on a system Tor?
There has been a bit of discussion about this in https://trac.torproject.org/projects/tor/ticket/5236 already. (Search for "over Tor" to quickly navigate it.)
I've seen the ticket.
I think downloading over Tor is desirable, but very difficult to implement.
It is as easy as adding a `depends: tor` line to the debian/control file. In modern Debian or recent Ubuntus, it is fine.
What about bridge users? They have to edit a system wide torrc and the TBB torrc?
You're overthinking it. Connecting to the Tor Project website often fails - far more than the Tor network being blocked.
What about users who don't want to ever connect to the public Tor network? -> https://trac.torproject.org/projects/tor/ticket/7197
Such users have a valid concern but I hardly think that this package is for such users - as it stands right now, that problem is made worse by both connecting to Tor's website *and* the public network.
A MITM may be able to replay an old valid signature for a package, does your code handle that case?
I am not Micah, but I don't know how he could. I think the Tor Project would have to finish Thandy for that purpose.
It is easy - never allow a valid signature with a lesser version number.
You may enjoy the paper and code on theupdateframework.com to look into those kinds of issues...
Yes, it's really good.
They also gave me a link to https://github.com/akonst/tuf (see docs folder).
Neat.
All the best, Jacob
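
Added example, not part of the thread and not code from the launcher being discussed: a sketch of the rule "never allow a valid signature with a lesser version number". HMAC-SHA256 with a constructed key stands in for the OpenPGP signature check, and the function names, state file and metadata layout are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import os
import re
import tempfile

# Constructed demo key. HMAC-SHA256 stands in for the OpenPGP signature check
# a real launcher would perform; it is not how TBB packages are signed.
DEMO_KEY = b"constructed-demo-key"

def sign(metadata: bytes) -> str:
    return hmac.new(DEMO_KEY, metadata, hashlib.sha256).hexdigest()

def parse_version(text: str) -> tuple:
    """Compare numerically, so '2.3.10' is newer than '2.3.9'."""
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"no numeric version in {text!r}")
    return tuple(int(p) for p in parts)

def accept_update(metadata: bytes, signature: str, state_path: str) -> str:
    """Return 'accepted', 'bad-signature' or 'rollback'."""
    if not hmac.compare_digest(sign(metadata), signature):
        return "bad-signature"
    # Only parse fields after the signature over them has been checked.
    version = json.loads(metadata)["version"]
    highest = "0"
    if os.path.exists(state_path):
        with open(state_path) as fh:
            highest = json.load(fh)["highest_version"]
    if parse_version(version) < parse_version(highest):
        return "rollback"  # valid signature, but older than one already seen
    with open(state_path, "w") as fh:
        json.dump({"highest_version": version}, fh)
    return "accepted"

def demo() -> list:
    """Replay an old, validly signed release after a newer one was accepted."""
    old = json.dumps({"version": "2.3.9"}).encode()    # constructed sample
    new = json.dumps({"version": "2.3.10"}).encode()   # constructed sample
    with tempfile.TemporaryDirectory() as tmp:
        state = os.path.join(tmp, "state.json")
        return [
            accept_update(old, sign(old), state),
            accept_update(new, sign(new), state),
            accept_update(old, sign(old), state),      # replayed signature
            accept_update(new, "0" * 64, state),       # forged signature
        ]
```

This check only stops a downgrade below a version the client has already accepted; it does not detect a mirror that keeps serving the same current release indefinitely, which The Update Framework addresses with metadata expiry.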