[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Tor Browser Launcher



Leo Unglaub:
> Hey,
> 
> On 2013-02-18 18:33, adrelanos wrote:
>> Right, for such users it wouldn't work anyway, because downloading
>> Tor Browser Launcher from the repository is unencrypted (but
>> signed) anyway.
> 
> thats not 100% correct. You can use transport encryption (HTTPS) for
> the repository servers. You simply need to change your source.list to
> use https.

While it is correct, that there is an apt https package, last time I
checked, not much more than a month ago, no Debian or Ubuntu
repositories supported https nor are willing to do this in future. Did
this change?

Even if using https, there are known file sizes, so it wouldn't really
hide what has been downloaded?
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev