This project is pending deletion, and will be deleted on 2025-08-04. Repository and other project resources are read-only.

Draft how Tails Installer should trust the Tails signing key

How do we trust the signing key?

One possibility would be to TOFU. But on second use, how do we identify that the user has trusted the key once? => verify if we can change a key’s trust level without signing it.
Trust the Debian keyring.
- installer needs to check if Tails signing key contains signatures from Debian keyring / Web of Trust. If not, how should it advertise the user that the key does not contain any signature which is also present in the keyring?

Research if our public signing key should be packaged with the tails-installer or could we create a package tails-keyring which would be a dependency of tails-installer?
- In Windows version the key could be contained in the package directly.
- Deb packages are signed by Debian keyring, which increases the level of trust.
- having tails-keyring as independent package would allow for easier updating in case of revocation or changes.

Parent Task: #10315 (closed)

Original created by @u on 10317 (Redmine)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information