Hi, On Sonntag, 27. Juli 2014, Stefano Zacchiroli wrote: > > I believe this has probably been done by design, > FWIW according to the upstream author (who has encouraged me to submit > the bug also in the upstream BTS and *cough* propose a patch) that's not > the case.
ah + heh.
> I'm not sure I understand the threat model you've in mind here. If
> secrecy is needed on the fact that someone might be using torbrowser,
> than *installing* torbrowser-launcher is not a good idea.
You're right on this, I guess. I had in mind the scenarioa where having it
installed wouldnt be less of a problem of having left traces of usage, but on
a second thought thats probably not very realistic.
> Bottom line: for that threat model a live system would be much better,
> and whether cleaning traces of past usage involves removing one
> directory, or several, seems just a minor detail really.
I agree.
> If we really want to support such a cleanup (which I'm not sure about),
> the best option seems to be to add a "--self-destruct" option to
> torbrowser-launcher, which does all the needed cleanup.
hm...
> The problem is
> that on distros like Debian, such a command should also "dpkg --purge"
> the package (and its dependencies...).
and the command history and dpkg.log and probably other stuff too... :)
cheers,
Holger
signature.asc
Description: This is a digitally signed message part.
