[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] apt-transport-tor



Hello,

> what's the difference between apt-transport-tor and a
> command-line such "torrify apt-get". I've send an email to the
> developper of this project and I'm waiting for an answer.

torify / torsocks is a huge hack with Linux library preloading. Not very 
clean, can leak DNS, etc.
With apt-transport-tor, you use the Tor SOCKS5 proxy directly (and correctly).

> I notice the project documentation doesn't not insist on the fact that
> in the /etc/apt/sources.list the url need to be httpS to be sure that
> the downloaded package are not compromized

AFAIK, there is no official Debian HTTPS repository.
But Debian packages are GPG-signed. No problem of compromise, even with HTTP.

Regards,
-- 
Aeris
Groupe crypto-terroriste individuel
auto-radicalisé sur l’Internet digital

Protégez votre vie privée, chiffrez vos communications
GPG : EFB74277 ECE4E222
OTR : 922C97CA EC0B1AD3
https://café-vie-privée.fr/

Attachment: signature.asc
Description: This is a digitally signed message part.

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk