[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] TBB Gentoo ebuild



On Sun, Aug 26, 2012 at 5:35 PM, julian <julian.ospald@xxxxxxxxxxxxxx> wrote:

> 13 Aug 00:28 Matthew Finkel:
>> 4) Given 3), is there a reason Tor is not at least an optional
>> RDEPEND for torbrowser via a USE flag (or another way)?
>
> There are no optional runtime-only dependencies in gentoo, this could
> change with GLEP 62.
> http://www.gentoo.org/proj/en/glep/glep-0062.html
>
> I could however tell the user after compilation that he might want to
> use tor with this...erm... but I thought that's obvious. The fact that
> it's not forced for RDEPEND is simply, because there are setups where
> this is not wanted/required.
>

Ah, I apologize, I thought having optional runtime deps were possible.
I also agree that is should be obvious but I've learned to err on the
side of caution, if possible.

>
> 13 Aug 00:28 Matthew Finkel:
>> 5) If you did/do intend to create an ebuild for the TBB and not
>> just the browser, it should provide the exact same experience as if
>> the user downloaded it from torproject.org. I think this should
>> include Vidalia launching Torbrowser once the network is
>> configured.
>
> Definitely not. The intention is not to provide an all-in-one experience.
> I already had those arguments with the guys from #tor
>

Okay, so you want to add the TorBrowser to portage so that a user can
emerge all of the components of the TBB and can use them as he/she
sees fit, correct?

> All I am interested in is the question about the firefox build-time
> configuration and if different build-time configurations could lead to
> vulnerability in the tor network. If there is the slightest doubt
> about that, I will remove this ebuild at once or fix it.

I'm not a browser dev, but I don't think this shouldn't be an issue.
As long as the ebuild uses all of the security patches and extensions,
it shouldn't be a problem. Also, if any vulnerabilities are introduced
by this ebuild, it would only harm the user's anonymity and should not
have an impact on the network.

>
> - -
> hasufell

- Matt
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev