I was wondering about splitting out the Tor bootstrap test of whonixcheck. Make it standalone. (Perhaps later called by whonixcheck.) Had some ideas about whonixcheck long term anyhow. There are too many mixed up use cases, see:
https://www.whonix.org/wiki/Whonixcheck#Development
Maybe only auto running in silent mode and only reporting grave issues. No default active info popups after boot anymore. Silent mode, see:
https://www.whonix.org/wiki/Whonixcheck#Silent_Mode
And no longer fetching anything from remotes unless whonixcheck is started in a specific mode. (Skipping Tor socks port, Tor trans port [and stream isolation] tests. For better security. [A sane exception for the operating system updates check that just uses apt-get.]) At this stage, we no longer need to keep running the leak tests for everyone all the time.
I was also wondering about abolishing whonixcheck Whonix News. Info on whonixcheck Whonix News:
https://www.whonix.org/wiki/Stay_Tuned#Whonix_Version_Check_and_Whonix_News
On one hand, the notification if a Whonix build version had to be deprecated - let's hope this will never happen - but it may happen - is useful. The other news about important things, I am not sure an info line in whonixcheck is an effective means to communicate that. That would require a much better standalone gui notification.
We could also, if ever needed, deprecate a build version by releasing a whonixcheck Debian package upgrade and issuing a big warning popup. The advantage of having whonixcheck Whonix News not go through apt-get applies to a much lesser degree since now everything is hosted on whonix.org and since there is no Permanent Takedown Attack Defender on the horizon anyhow.
Linux distributions have no mechanism to effectively relay important information to users. By default I would propose an emergency new notification. Lots and lots of Linux desktop users do not continuously follow Linux or their distribution news. Should anything really bad happen such as “debian.org domain down, you will no longer receive upgrades, make sure to read more at …” or “apt-get vulnerability in the wild, do not upgrade using apt-get or you will become infected, read more …”, then I would imagine a non-intrusive “distribution news” popup with this news would be useful with buttons such as “got it, remind me later”. I tried to provide such a mechanism using whonixcheck Whonix News but the gui is much too bad for this to be an effective means of spreading the news.
related:
- apt-revoker - Check for Revocation Certificates before running apt-get - https://phabricator.whonix.org/T140
- Permanent Takedown Attack Defender - https://phabricator.whonix.org/T114