| blob | 16cc9b25b7fa1c93d2833363409c97b02a542c6f |
1 Liberte Linux has this nice tidbit on the website:
3 "Liberté Linux releases are signed with a designated PGP key (DSA-3072).
4 During the build process, **all** downloaded files are automatically verified:"
5 Emphasis mine.
7 Debian and Tor code is signed, Tail is signed too. But what about Firefox extensions? They aren't usually signed by the developer nor by Mozilla.
9 All authenticity is provided by the "https" of AMO. That's not really enough for someone like me to be comfortable with.
11 Do you audit them before putting them into tails or do you just trust AMO?