[tor-talk] Operating system updates / software installation behind Tor Transparent Proxy
mansourmoufid at gmail.com
Sun Mar 4 01:36:35 UTC 2012
On Sat, Mar 3, 2012 at 8:10 AM, Fabian Keil
<freebsd-listen at fabiankeil.de> wrote:
> Robert Ransom <rransom.8774 at gmail.com> wrote:
>> On 2012-03-02, Andrew Lewman <andrew at torproject.is> wrote:
>> > The trick is, I like to think I know what I'm doing and that I'll
>> > notice if apt-get or my VM image fails to transfer untouched. Whether
>> > I'll actually notice a sophisticated exploit in deb packages or my vm
>> > image modified in a perfect way that gpg or sha256 hashes don't detect,
>> > remains to be seen. If I pulled a random person out of a barcamp and
>> > asked them to do an OS X or Windows update over transparently proxied
>> > tor, would they notice if the package was modified in transit? What do
>> > these OSes do in this case? What about freebsd ports?
>> Every FreeBSD port's list of distfiles includes hashes and sizes of
>> each distfile to be downloaded. If I remember correctly, the only
>> required hash is SHA-256.
> Of course this only helps if you are actually building the
> packages from source, something the "random person out of a barcamp"
> probably doesn't do. The official packages are neither signed nor
> transferred securely when using pkg_add -r.
> It's my impression that signed packages aren't a priority
> for the BSDs in general.
I believe the logic is that parties concerned about package integrity
would be equally concerned with running someone else's pre-compiled
binaries in the first place, and so would just use Portsnap.
Speaking of which (off topic)... Tor should keep up with signed tags
in its git repos. Obfsproxy.git isn't tagged at all; tor.git is only
up to 0.2.3.9-alpha.
Also, shouldn't  recommend `git clone git://' over `https://',
since if one needs obfsproxy, HTTPS likely isn't very discreet.
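
The distfile check discussed in the thread (a SHA-256 hash plus a size recorded per distfile), sketched in Python as an added example; it is not part of the original message and is not FreeBSD's own ports code. The file name and contents are constructed, and the check is only as trustworthy as the copy of the ports tree that supplied the distinfo entries.

```python
import hashlib
import hmac
import re

# distinfo lines of interest: "SHA256 (name) = hex" and "SIZE (name) = bytes".
_LINE = re.compile(r"^(SHA256|SIZE) \((.+)\) = (\S+)$")

def parse_distinfo(text):
    """Return {distfile name: {"SHA256": hex, "SIZE": int}}."""
    entries = {}
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if not m:
            continue  # skip any other line kinds
        key, name, value = m.groups()
        if key == "SIZE":
            if not value.isdigit():
                continue  # malformed size: entry stays incomplete and fails later
            entries.setdefault(name, {})[key] = int(value)
        else:
            entries.setdefault(name, {})[key] = value.lower()
    return entries

def verify_distfile(name, data, entries):
    """Check downloaded bytes against the distinfo entry; return (ok, reason)."""
    want = entries.get(name)
    if want is None or "SHA256" not in want or "SIZE" not in want:
        return False, "no complete distinfo entry"
    if len(data) != want["SIZE"]:
        return False, "size mismatch"
    got = hashlib.sha256(data).hexdigest()
    if not hmac.compare_digest(got, want["SHA256"]):
        return False, "sha256 mismatch"
    return True, "ok"

# Constructed sample: a stand-in distfile and the distinfo text describing it.
SAMPLE = b"constructed distfile contents\n"
DISTINFO = (
    f"SHA256 (example-1.0.tar.gz) = {hashlib.sha256(SAMPLE).hexdigest()}\n"
    f"SIZE (example-1.0.tar.gz) = {len(SAMPLE)}\n"
)

if __name__ == "__main__":
    entries = parse_distinfo(DISTINFO)
    print(verify_distfile("example-1.0.tar.gz", SAMPLE, entries))
    # Same length, one byte changed in transit: the size passes, the hash does not.
    tampered = SAMPLE.replace(b"contents", b"c0ntents")
    print(verify_distfile("example-1.0.tar.gz", tampered, entries))
```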