1.) In the LWN.net review of Tails, it says: ( https://lwn.net/Articles/440279/ )
"Tails gets its security updates from Debian's repositories, but the live CD doesn't automatically download updates nor alert the user to download them. So a manual
sudo apt-get update && sudo apt-get upgrade
before each use of the live CD is needed to stay on the safe side, because the distribution doesn't support persistent storage. Of course users could also download a new ISO image from time to time, but that seems like a waste of bandwidth."
I would like to know what the developers of Tails think of this.
Would it be sufficient to run the apt-get update and upgrade commands each time I boot into 0.7 or do you recommend downloading the newest ISO ?
2.) How concerned do you think I should be about having used 0.7 (without updating) for several hours yesterday?
I occasionally got the warning about using an external application while browsing certain Tor hidden sites. This alarmed me because these appeared to be ordinary http pages and I had browsed them in the past using the exact same Tails 0.7 CD and did not receive any such warnings.
Thank you to everyone involved in this project. It is quite impressive and much appreciated.
1) Just running an apt-get update && upgrade is better than nothing, but won't replace a real upgrade by downloading the new iso. Mainly because some of the upgrades you do with apt-get might require a reboot to be effective, which doesn't happen in the Tails' context. You also won't be able to use the new features we put in our releases, nor their bug fixes, which aren't always available in the Debian archive.
2) Not sure how concerned you should be, depends on the usage you did. We usually advice not to run a session that long, because it typically means that you are using several of your identities in a single session, which might help an attacker to correlate them. You should rather reboot each time you want to use a new identity, or work on a new task.
The warning is normal (is a Torbutton feature) and usually happens when you try to see documents that are not readable by your browser and needs an external application (i.e a pdf). Check that the page you are willing to see is really html.
About upgrading with APT: there are possibilities one messes up her anonymity and/or privacy while doing so:
=> I would not generally recommend the casual Tails user to upgrade her system without deeply understanding APT, Debian systems, the possible consequences and probably how Tails works in details.