Re: [Tails-dev] Tails Vagrant VM: repositories in /etc/apt/sources.list use http instead of https
Andreas Kuckartz wrote (09 Jul 2012 19:10:59 GMT) : > I suggest to change that to reduce the threat of MITM attacks. To do > that apt-get install apt-transport-https is required. Server-side HTTPS support is required, too, and is not offered by most Debian mirrors. ___ tails-dev mailing list tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev
Re: [Tails-dev] Tails Vagrant VM: repositories in /etc/apt/sources.list use http instead of https
On Mon, Jul 09, 2012 at 09:10:59PM +0200, Andreas Kuckartz wrote: > Thanks for the suggestion to use "vagrant ssh". I am now having a close > look at the VM from inside. > > I noticed that all the repositories configured in > /etc/apt/sources.list > use http instead of https. > > I suggest to change that to reduce the threat of MITM attacks. To do that > apt-get install apt-transport-https > is required. All repositories and their respective content are authenticated using cryptographic signatures [1]. I don't really see a reason in preventing content proxying (which is essential for fast builds) to prevent DoS attacks. [1] http://wiki.debian.org/SecureApt > I am experimenting with these and other changes. Please do! And submit patches! :) -- Ague pgpLZjGEXI4kC.pgp Description: PGP signature ___ tails-dev mailing list tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev
[Tails-dev] Tails Vagrant VM: repositories in /etc/apt/sources.list use http instead of https
Thanks for the suggestion to use "vagrant ssh". I am now having a close look at the VM from inside. I noticed that all the repositories configured in /etc/apt/sources.list use http instead of https. I suggest to change that to reduce the threat of MITM attacks. To do that apt-get install apt-transport-https is required. I am experimenting with these and other changes. Cheers, Andreas ___ tails-dev mailing list tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev
Re: [Tails-dev] "rake build" fails
On Mon, Jul 09, 2012 at 06:47:10AM +0200, Andreas Kuckartz wrote: > > but the Vagrant stuff was not > > updated yet. Feel free to update it so that it uses ikiwiki from > > current Debian testing/unstable (>= 3.20120516), instead of building > > its own. > > Am I correct that this file has to be modified? > /vagrant/provision/setup-tails-builder Absolutely. This shell script is executed in the virtual machine upon startup, or when `rake vm:provision` is run. Sometimes it is easier to debug and test things by having an interactive shell in the VM. To do that, please issue: cd vagrant vagrant ssh Happy hacking, -- Ague pgpreacRL3HbC.pgp Description: PGP signature ___ tails-dev mailing list tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev