how to update mobian over tor

Kevin Kofler · 07-09-2023, 05:40 AM

How can we trust those TOR links not to contain malware? I would recommend HTTPS instead, failing that HTTP, but not TOR with Onion links given by some random commenter on some forum.

zetabeta · 07-09-2023, 03:27 PM

(07-09-2023, 05:40 AM)Kevin Kofler Wrote: How can we trust those TOR links not to contain malware? I would recommend HTTPS instead, failing that HTTP, but not TOR with Onion links given by some random commenter on some forum.

we should be suspicious of tor links. however, if signing keys are properly validated, then installer won't install those altered packages.

this creates another problem, where are signing keys from!? do users check signing keys!?

btw, http (non-ssl) could be hijacked in rare cases.

Kevin Kofler · 07-09-2023, 05:01 PM

(07-09-2023, 03:27 PM)zetabeta Wrote: btw, http (non-ssl) could be hijacked in rare cases.

Which is why I recommend HTTPS if possible. But Debian has this strange idea of still defaulting to unencrypted HTTP mirrors in 2023 and requiring a subpackage to be installed for APT to support HTTPS at all.

vusra · (This post was last modified: 07-09-2023, 09:05 PM by vusra.)

(07-09-2023, 05:40 AM)Kevin Kofler Wrote: How can we trust those TOR links not to contain malware? I would recommend HTTPS instead, failing that HTTP, but not TOR with Onion links given by some random commenter on some forum.

links not random not suspicious. all .onion links in this thread are official debian mirrors https://onion.debian.org as zetabeta says, non official mirrors okay if signing keys are properly validated, then installer won't install those altered packages. But all onion links in this thread are official debian mirrors https://onion.debian.org

sub packages no longer need to be installed for apt transport https support

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	Upgrade to Mobian (Trixie) Staging	biketool	8	264	Yesterday, 05:49 AM Last Post: anonymous
	bookworm vs trixie discussion for mobian in pinephone regular.	zetabeta	41	8,570	11-27-2024, 10:39 AM Last Post: fernando_c_m
	atinout binaries for mobian/debian?	NeutralGrey	4	1,376	10-31-2024, 04:16 AM Last Post: astylethargic
	Mobian-Kicksecure?	3460p	0	841	05-26-2024, 02:09 PM Last Post: 3460p
	Mobian repository status	henrythemouse	16	12,133	04-10-2024, 10:02 AM Last Post: diederik
	cant verify mobian image at website gnugpg	penguins_rule	0	901	03-18-2024, 08:54 PM Last Post: penguins_rule
	mobian installed to eMMC - how to install tow-boot	grump_fiddle_reinstall	6	3,958	11-22-2023, 11:46 AM Last Post: aLoop100o
	What actions needed to keep on mobian testing	user641	3	2,591	09-05-2023, 06:44 AM Last Post: Zebulon Walton
	Mobian boot failed with zstd message after upgrade.	Mahgue	0	974	09-01-2023, 11:29 AM Last Post: Mahgue
	opensnitch outbound firewall now works on mobian	vusra	2	2,410	07-09-2023, 01:37 AM Last Post: vusra

Login




Remember me Lost Password?

About Us