With that logic, Debian still is too.
dguth...@posteo.net: > With the exception that their servers are likely to still be rooted. > > James: >> Duncan: >> >>> >>> For future reference, Mint is based on Ubuntu. Find out the >>> corresponding version that Mint is basing on, and use the Tor Project's >>> Deb repository for that (this is almost certainly how it has been >>> configured). I don't know what Mint's policy is but I'd be very >>> surprised if this was default. Maybe you added it and forgot about it at >>> an earlier date. I suppose it's possible they have it listed under >>> additional repositories for the sake of convenience for Mint's users. >>> >>> A word of warning I'd urge you to take heed of: Mint have had some >>> severe security issues in the past, both in updating packages (by >>> default they hold essential security updates such as to the kernel back >>> for "stability") and issues on their server. In a nutshell, they have >>> been running a large software project like amateurs and their servers >>> were accordingly rooted. >>> They had their servers compromised twice within the last two years, by >>> means of outdated and ill-configured Wordpress plugins. Their forum >>> contents, including user details and passwords, were compromised and put >>> up for sale for a paltry sum on some dodgy website (if I remember the >>> reporting at the time, this happened more than once); and downloads were >>> replaced with malicious ISO images that included spyware. >>> There is no evidence they changed their security practices, so it's >>> reasonable to suggest that their servers are still compromised, or that >>> it is so trivial to do so that it will happen again. I would recommend >>> installing Debian or Ubuntu directly, as both these distributions have >>> good security practices. >>> >>>> But the only package that shows up in Mint's software manager is >>>> "torbrowser-launcher", maintained by Ubuntu Developers >>>> <ubuntu-devel-disc...@lists.ubuntu.com>. >>>> I was curious if anyone used this torbrowser-launcher, or if >>>> Torproject devs would highly frown on it? >>>> >>>> Its description: "helps download & install torbrowser." Doesn't >>>> mention anything about it verifying TBB signature, which I always do. >>>> >> >>> Best, >>> Duncan >> http://www.infoworld.com/article/3182824/linux/is-linux-mint-a-secure-distribution.html >> >> >> https://nakedsecurity.sophos.com/2016/02/22/worlds-biggest-linux-distro-infected-with-malware/ >> >> >> https://superuser.com/questions/882957/how-to-make-sure-that-repositories-added-to-linux-mint-are-safe-and-secure >> >> >> https://www.linuxmint.com/rel_sarah_cinnamon_whatsnew.php >> >> Duncan, I think you're trashing a distro based on what happened in 17.3 >> from overseas. the smart thing is to checksum the download. There are a >> few articles above that talk about this. and there are two sets that >> verify the downloads now. So, in fairness, I believe Mint isn't any >> different than Ubuntu or Debian. Don't forget Debian was vulned a while >> back too. All of these come from the same place and some of these repos >> are interchangeable. I think your subjective ideas are simply out of >> date and wrong now. (P.S., there are more links to prove what I am >> saying here) -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
