[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] TUF Repository for Tor Browser



bancfc@xxxxxxxxxxxxxxx:
> Rehash of previous discussions on the topic:

See #3994.

> The major reasons why TBB is not in the Debian repository:
> 
> * The reproducible build system depends on a static binary image of (then
> Ubuntu) which runs counter to Debian policy.

It's likely not a problem if built from source.

> * TBB is based on Firefox ESR and not Iceweasel which also runs into the "no
> duplicate source  package" policy of Debian.

I've discussed this with Debian security team a while ago and they are
ok with duplicate source code as long as the updates are done in a
timely manner. Tor Browser has a good record, so it's fine.

> Reasons for unavailability of TBB .deb in the Tor Project APT repository:
> 
> * The break neck speed of development

A regular build could probably be automated via Jenkins.

> * Its not easily packaged and the amount of effort needed is better spent
> otherwise.

As far as I understand, the main issue is that Tor Browser only works
with a single (pre-populated) profile which can't be shared amongst
multiple users. Once this is solved, and Tor Browser can be installed
system-wide, getting a package should not be very hard.

Hope that helps,
-- 
Lunar                                             <lunar@xxxxxxxxxxxxxx>

Attachment: signature.asc
Description: Digital signature

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev