| [[Can I add a clearnet domain to an onion build?]] |
| [[Why use Github?]] |
| [[Should I upload my GPG keys to keybase.io?]] |
| [[Keys and emails should not be stored on servers. Why do you do that?]] |
| [[Why can't I access my .onion site with a Tor browser?]] |
| [[What is the best hardware to run this system on?]] |
...
...
@@ -118,6 +119,10 @@ At present Github is useful just because of the sheer number of eyeballs and the
The source code for this project is experimentally independently hosted, and it is expected that in future the main development will shift over to an independent site, maybe with mirrors on Github if it still exists in a viable form.
Currently many of the repositories used for applications which are not yet packaged for Debian are on Github, and to provide some degree of resilliance against depending too much upon that copies of them also exist within disk images.
* Should I upload my GPG keys to keybase.io?
It's not recommended unless there exists some compelling reason for you to be on there. That site asks users to upload the *private keys*, and even if the keys are client side encrypted with a passphrase there's always the chance that there will be a data leak in future and letter agencies will then have a full time opportunity to crack the passphrases.
Saying something resembling /"only noobs will use crackable private key passphrases"/ isn't good enough. A passphrase should not be considered to be a substitute for a private key.
* Keys and emails should not be stored on servers. Why do you do that?
Ordinarily this is good advice. However, the threat model for a device in your home is different from the one for a generic server in a massive warehouse. Compare and contrast:
