Idea that needs to be thought through.
Sane to rebuild the same Whonix version git tag? Just re-build and re-upload?
Advantages:
- an easy, doable way to create "fresher" official Whonix stable downloads
This would be updated in the rebuilt images:
- updated packages from packages.debian.org
  - this will automatically be the case (since we're not building from snapshot.debian.org)
- updated Tor from deb.torproject.org
  - this will automatically be the case
- updated Tor Browser
  - the user/developer who rebuilds needs to set tbb_version, which is already supported by package tb-updater
  - just need to make sure that the environment variable is passed from the build script to the update-torbrowser script
This would not be updated in the rebuilt images:
The following things would not be done:
- call for testers
- write release announcement
- update version numbers
...which would save a lot of maintenance work.
Disadvantages:
- There would be multiple official ova / iso versions of Whonix stored by different people. Same version number but different hashes and different software versions (packages.debian.org, deb.torproject.org, Tor Browser) but same Whonix software versions.
- Somewhat nontransparent.
Non-Issues:
- gpg signature verification. Since the creation of gpg signatures (and sanity tests) is automated, users can always verify gpg signatures.
- upgrading from deb.whonix.org