man in the middle – How does a person under surveillance safely download tor or tails in a hostile environment?


One of tor’s stated goals is to help individuals such as journalists, activists and whistleblowers protect against surveillance, and in many countries people in those lines of work or activities are usually subject to surveillance, especially targeted surveillance.

Given a scenario in which a journalist working in an environment where he is subject to active targeted surveillance, how would he safely download tor? Assume that the journalist in question is using a new computer with a freshly installed Linux distribution. In what ways could an adversary with man-in-the-middle capabilities affect or compromise the download?

Does using https to download TAILS or the distribution package manager to download tor provide enough security to protect from malicious third-parties?
How can someone in this scenario safely download tor or TAILS?