Upload hybrid or v2 torrents when 4.2 is released for better security

v2 .torrent files use SHA-256 to verify downloaded pieces instead of SHA-1, which is better for security. This would increase the security for people that just download the torrent and don’t bother to even check the hash (or signature) because they’re in a hurry and assuming their torrent client is taking care of it.

Archive link because it doesn’t like Tor:
https://web.archive.org/web/20231010230900/https://blog.libtorrent.org/2020/09/bittorrent-v2/

According to Wikipedia, Transmission and qBittorrent are the only free software torrent clients that support v2 (or hybrid torrents). When you’re creating a torrent, only qBittorrent has an option to select v2 or hybrid, so you’d have to use that. I’d recommend hybrid so people get the extra security if they have a supported client; otherwise they can still download it with SHA-1 hashes.

1 Like
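As an added illustration (not code from any poster or from the Qubes project), this is one way to check whether a downloaded .torrent actually carries v2 (SHA-256) metadata, v1 (SHA-1) metadata, or both. The key names follow BEP 3 and BEP 52; the function names and the zero-filled sample torrents are constructed for this example.

```python
import hashlib

def bdecode(data: bytes, i: int = 0):
    """Decode one bencoded value at offset i; return (value, next_offset)."""
    c = data[i:i + 1]
    if c == b"i":                                   # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):                           # list / dict: items until 'e'
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            item, i = bdecode(data, i)
            items.append(item)
        if c == b"l":
            return items, i + 1
        return dict(zip(items[0::2], items[1::2])), i + 1
    if c.isdigit():                                 # byte string: <len>:<bytes>
        colon = data.index(b":", i)
        end = colon + 1 + int(data[i:colon])
        return data[colon + 1:end], end
    raise ValueError(f"malformed bencode at offset {i}")

def classify(torrent: bytes) -> dict:
    """Report which hash families a .torrent's info dict carries (BEP 3 / BEP 52)."""
    if torrent[:1] != b"d":
        raise ValueError("not a bencoded dictionary")
    i = 1
    while torrent[i:i + 1] != b"e":
        key, start = bdecode(torrent, i)
        val, i = bdecode(torrent, start)
        if key == b"info" and isinstance(val, dict):
            raw = torrent[start:i]                  # infohash covers these exact bytes
            v1 = b"pieces" in val                   # concatenated SHA-1 piece hashes
            v2 = val.get(b"meta version") == 2 and b"file tree" in val
            kind = "hybrid" if v1 and v2 else "v1" if v1 else "v2" if v2 else "unknown"
            return {"kind": kind,
                    "v1_infohash": hashlib.sha1(raw).hexdigest() if v1 else None,
                    "v2_infohash": hashlib.sha256(raw).hexdigest() if v2 else None}
    raise ValueError("no info dictionary")

# Constructed sample metadata; hash fields are zero-filled placeholders.
_LEN = b"6:lengthi16384e"
_TREE = b"9:file treed5:a.isod0:d6:lengthi16384e11:pieces root32:" + bytes(32) + b"eee"
_COMMON = b"4:name5:a.iso12:piece lengthi16384e"
_PIECES = b"6:pieces20:" + bytes(20)
SAMPLES = {
    "v1": b"d4:infod" + _LEN + _COMMON + _PIECES + b"ee",
    "v2": b"d4:infod" + _TREE + b"12:meta versioni2e" + _COMMON + b"ee",
    "hybrid": b"d4:infod" + _TREE + _LEN + b"12:meta versioni2e" + _COMMON + _PIECES + b"ee"}
```

Calling `classify()` on the bytes of a real .torrent file returns `"v1"` when only SHA-1 piece hashes are present, so a result of `"hybrid"` or `"v2"` is what confirms a v2-capable client can verify pieces with SHA-256.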

I would also bring up uploading Qubes OS torrents to I2P trackers for better privacy on behalf of the seeders and leechers.

http://tracker2.postman.i2p is the biggest torrent tracker on the Invisible Internet Land, and has quite a good selection of torrents already. Qubes ISOs should be published there, too.

1 Like

I suggest opening an issue for this.

I use Tor for privacy, and none of the email providers that GitHub accepts that I’ve tried has let me sign up for an account over Tor anonymously. Even if I could get an email GitHub would take, I’ve read that GitHub still doesn’t let you sign up over Tor anyways. So I’m out of luck, it seems.

I think it would be beneficial for a security and privacy focused operating system like Qubes to use a development website that allows anonymous people to contribute to the project.

skiff.com is a relatively new email provider I’ve seen recommended in a Tor context. It’s definitely possible to use Tor Browser both to create a free email account there (very unusual these days, sadly), and then to create a GitHub account with it.

Make sure that the very first thing you do in your new GitHub account is set up TOTP so that the login system doesn’t freak out on a hair trigger. If they lock you out anyway in the beginning, their customer support has been pretty good about fixing that IME in the past. Similarly, for a while you might want to keep an eye on any tickets or comments you’ve created, in case GitHub’s spam filter deletes them by mistake.

1 Like

Give rustybird’s suggestion a try. If that still doesn’t work, I suppose you could fill out the appropriate issue template in a post here, and I or someone else could copy/paste it into an issue on GitHub with an attribution link back to your forum post.

It’s not that simple. Even if we could find a suitable platform, migration would be a disruptive time sink that would come at the expense of Qubes development. If you have forum trust level 2 or higher, see:

https://forum.qubes-os.org/t/solved-a-plea-for-decentralization/20449/16