Design scenario and features for a Tails Installer package in Debian
It might simplify the installation workflow to have a Tails Installer package in Debian (eventually also Ubuntu) for downloading, verifying, and installing the ISO.
This could be a use scenario:
1. The user installs the tails-installer package.
2. The user starts Tails Installer.
3. Tails Installer downloads the latest ISO image.
4. Tails Installer verifies the ISO first with the signing key from the
package.
5. Tails Installer also tries to verify the ISO using the user’s
keyring.
6. Tails Installer compares both results and warn the user if they
differ.
7. Tails Installer installs the ISO image onto a USB stick.
8. The user restarts on a fully operational Tails and is happy.
The user might, either before, either after using the Installer, do
stronger verification on the signing key in her own keyring. For
example
you might have a personal trust path or a local signature in your
personal keyring. But we shouldn’t import automatically new keys in the
user’s keyring. On the other hand, it might always be a good thing to
verify the ISO with a key included in the package, probably using a
dedicated keyring.
Blueprint: https://tails.boum.org/blueprint/bootstrapping/installer/
Parent Task: #8549 (closed)
Related issues
- Blocks #8556 (closed)
Original created by @sajolida on 7046 (Redmine)