apt-transport-tor

[KwadroNaut]

Describe the change

Apt should probably use .onions in the sources.list, both the generic *ubuntu.com ones as the apt.freedom.press ones.

How will this impact users?

It might make installing or upgrading a little bit slower. In daily usage, people will not really notice this change.

User Research Evidence

Additional context

I presume (no research) that it's not too hard for a network observer to figure out who tries to access the apt.freedom.press one.

[zenmonkeykstop]

Is this a docs change, or one for the securedrop main repo? I'd imagine this would involve changes in ansible installation roles, as these files are not hand-written.

[KwadroNaut]

You're right, I filed this one in the wrong repository. Sorry! Can you simply move it? I think it's rather low priority.

[gonzalo-bulnes]

Note: Incidentally, the TLS certificate for https://apt.freedom.press expired today. (I'm not sure in which repo this issue was meant to be opened, so I thought I'd comment here.)

Websites prove their identity via certificates, which are valid for a set time period. The certificate for apt.freedom.press expired on 1/3/2021.

Error code: SEC_ERROR_EXPIRED_CERTIFICATE

[conorsch]

Thanks for mentioning, @gonzalo-bulnes. We've fixed the certificate, and will be publishing an advisory shortly.

[conorsch]

will be publishing an advisory shortly

Here it is: https://securedrop.org/news/advisory-temporary-certificate-error-aptfreedompress/ Thanks again for the prompt communication, @gonzalo-bulnes.

[eloquence]

Closing in favor of #666 to scope in a bit more detail, thanks for the initial suggestion @KwadroNaut!