Re: Apt sources.list

To: debian-user@lists.debian.org
Subject: Re: Apt sources.list
From: Greg Wooledge <greg@wooledge.org>
Date: Sat, 15 Apr 2023 19:11:02 -0400
Message-id: <[🔎] ZDsvBre6FCnnTyfU@wooledge.org>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] alpine.DEB.2.21.2304152053090.2425@azone.org>
References: <[🔎] 20230415081117.13655c70@yosemite.mars.lan> <[🔎] 15042023132141.bd720baf79f7@desktop.copernicus.org.uk> <[🔎] ZDqd9oXDlldenbOa@wooledge.org> <[🔎] 20230415130127.GC2480@phcomp.co.uk> <[🔎] 20230415110052.13e41140@yosemite.mars.lan> <[🔎] 20230415161857.tsuodcy3nzdqnjnq@randomstring.org> <[🔎] ZDri2FEbSo1KNAhw@tuxteam.de> <[🔎] alpine.DEB.2.21.2304152053090.2425@azone.org>

On Sat, Apr 15, 2023 at 10:54:10PM +0000, davidson wrote:
> In case you wish to obscure what software you *install*, but need not
> conceal the software you *download*:
> 
>  Step one: Make a list of the packages you want, and then augment it
>  with as many plausible alternatives and red herrings as you like.
> 
>  Step two:
>  $ apt-get -d install <many packages>
> 
> This downloads the packages only, so you can download packages you
> will *not* install, along with ones you will. Then install the proper
> subset you want installed, without the '-d' option.

I'm at a loss as to what threat model this is supposed to protect against.
In the obvious one ("Comrade Davidson has downloaded package A.  Let's
bump up the priority of his surveillance."), downloading flagged package A
*and* possibly-flagged package B is just going to make your situation
worse, not better.

Now, personally I don't feel this is a threat model that I need to
worry about.  I just use plain old http sources at home, and if "They"
learn that I've downloaded rxvt-unicode and mutt, well, good for Them.

Reply to:

Follow-Ups:
- Re: Apt sources.list
  - From: The Wanderer <wanderer@fastmail.fm>
- Re: Apt sources.list
  - From: davidson <davidson@freevolt.org>
- Re: Apt sources.list
  - From: Tim Woodall <debianuser@woodall.me.uk>

References:
- Apt sources.list
  - From: <paulf@quillandmouse.com>
- Re: Apt sources.list
  - From: Brian <ad44@cityscape.co.uk>
- Re: Apt sources.list
  - From: Greg Wooledge <greg@wooledge.org>
- Re: Apt sources.list
  - From: Alain D D Williams <addw@phcomp.co.uk>
- Re: Apt sources.list
  - From: <paulf@quillandmouse.com>
- Re: Apt sources.list
  - From: Dan Ritter <dsr@randomstring.org>
- Re: Apt sources.list
  - From: <tomas@tuxteam.de>
- Re: Apt sources.list
  - From: davidson <davidson@freevolt.org>

Prev by Date: Re: "Bug" in Debian Installer?
Next by Date: Re: Apt sources.list
Previous by thread: Re: Apt sources.list
Next by thread: Re: Apt sources.list
Index(es):
- Date
- Thread