[tor-talk] apt-transport-tor

Aeris aeris+tor at imirhil.fr
Fri Jun 26 08:55:50 UTC 2015


> what's the difference between apt-transport-tor and a
> command-line such "torrify apt-get". I've send an email to the
> developper of this project and I'm waiting for an answer.

torify / torsocks is a huge hack with Linux library preloading. Not very 
clean, can leak DNS, etc.
With apt-transport-tor, you use the Tor SOCKS5 proxy directly (and correctly).

> I notice the project documentation doesn't not insist on the fact that
> in the /etc/apt/sources.list the url need to be httpS to be sure that
> the downloaded package are not compromized

AFAIK, there is no official Debian HTTPS repository.
But Debian packages are GPG-signed. No problem of compromise, even with HTTP.

Groupe crypto-terroriste individuel
auto-radicalisé sur l’Internet digital

Protégez votre vie privée, chiffrez vos communications
GPG : EFB74277 ECE4E222
OTR : 922C97CA EC0B1AD3
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20150626/6845cadf/attachment.sig>

More information about the tor-talk mailing list