Feature #17574

Update not over Server ?

Added by 77.97.105.108 2020-03-29 20:31:54 . Updated 2020-03-30 11:09:31 .

Status:
Rejected
Priority:
Normal
Assignee:
Category:
Target version:
Start date:
Due date:
% Done:

0%

Feature Branch:
Type of work:
Security Audit
Blueprint:

Starter:
Affected tool:
Deliverable for:

Description

Hey Guys,
u r all doing an awesome job ! Thank u all !!!

But im thinking about to live-update tails via the bittorrent-networt, insted over a server.

Reason:

- holding the OS updated, when your Server would compromised from a Goverment or whoever

- to avoid malicious code in tails from one server

- ease servertraffic and servercosts
- its harder to hack lots of bittorrent-seeder than one server

Is that possible and makes it only for me sense or do you think similar like me ?

Subtasks

History

#1 Updated by intrigeri 2020-03-30 11:09:31

  • Status changed from New to Rejected

Our upgrade process already assumes that download mirrors are untrusted, and protects against most adversarial action these mirrors could take.

However, our upgrade process does trust our website a fair bit, e.g. someone who controls our website could hide necessary upgrades from users.
But that’s another matter and AFAICT, this issue is about the contents of downloaded updates, not about more advanced threats.

For details, see https://tails.boum.org/contribute/design/incremental_upgrades/