On Sun, Apr 27, 2014, at 17:05, [email protected] wrote: > J.M. Porup: > >> If I understand correctly, your problem could also be solved by > >> having support for persistence from a separate device when running > >> on DVD, and using the additional software feature. See > >> https://labs.riseup.net/code/issues/5561. > > > > Persistance on a separate device would be a suboptimal solution. In > > order to trust any program installed on a USB stick, I would have to > > re- download and re-verify the .deb packages every time in order to > > verify their integrity. Cryptographic tools bundled with TAILS on > > DVD do not suffer from this vulnerability. > > Is you could use a combination of the APT Packages [1], APT Lists [2], > and Additional software [3] persistence features then you would not > have to download them each and they would be installed automatically > every time. > > [1]:https://tails.boum.org/doc/first_steps/persistence/configure/#apt_packages > [2]: https://tails.boum.org/doc/first_steps/persistence/configure/#apt_lists > [3]:https://tails.boum.org/doc/first_steps/persistence/configure/#additional_software > > Note that the verification process involved in Debian when installing > a packages uses OpenPGP and is exactly the same as the one we rely one > while building our ISO images in the first place. So new packages > shouldn't be considered as less authenticated that pre-installed > packages (if your system hasn't be tempered with of course).
I thank you for investigating the problem, and suggesting this option. Personally, though, I would not want to use cryptographic tools installed on a USB stick. How can I be sure my USB has not been tampered with? As an aside, TAILS persistance strikes me as more of a bug than a feature. I do not think it should be encouraged. > > Even if none of these GUI implementations are (yet) suitable for > > TAILS, it's still worth considering including 2FA command line > > tools. For a very small amount of disk space, you can significantly > > increase the security of those who know how to use oathtools. > > For me that goes very well into the kind of useful packages that > the Additional software persistence feature is made for. But that > cannot go into the official ISO image because they lack a proper > GUI in Debian. > > Nonetheless, in order to get the opinion of more devs I created a > Discuss ticket on Redmine: > > https://labs.riseup.net/code/issues/7128 thanks. j _______________________________________________ tails-support mailing list [email protected] https://mailman.boum.org/listinfo/tails-support To unsubscribe from this list, send an empty email to [email protected].
