sajolida wrote:
> Together with Giorgio Maone from NoScript and tchou we designed a crazy
> new plan to solve a great deal of ISO verification for the masses.
>
> Here it is:
>
> https://tails.boum.org/blueprint/download_extension/
>
> Please everybody, check the scenario that we are proposing there, so we
> all agree on the plan.
I like this idea a *lot* (and am doing something similar for
distributing Tor). Are the repos public? Would love to take a peek.
One issue that I see is that this method relies on people having a
secure connection to the Firefox add-ons site. This is not always the
case, and there are lots of MITM anecdotes involving FF extension
installation/updating. Also, this extension should allow users to
select any local file to verify the hash. I would additionally request
that there be an option to simply generate a sha256 hash so that users
can attempt to verify other software as well.
best,
Griffin
