[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] TUF Repository for Tor Browser



On 2016-06-10 18:27, Lunar wrote:
bancfc@xxxxxxxxxxxxxxx:
Rehash of previous discussions on the topic:

See #3994.

The major reasons why TBB is not in the Debian repository:

* The reproducible build system depends on a static binary image of (then
Ubuntu) which runs counter to Debian policy.

It's likely not a problem if built from source.

* TBB is based on Firefox ESR and not Iceweasel which also runs into the "no
duplicate source  package" policy of Debian.

I've discussed this with Debian security team a while ago and they are
ok with duplicate source code as long as the updates are done in a
timely manner. Tor Browser has a good record, so it's fine.

Reasons for unavailability of TBB .deb in the Tor Project APT repository:

* The break neck speed of development

A regular build could probably be automated via Jenkins.

* Its not easily packaged and the amount of effort needed is better spent
otherwise.

As far as I understand, the main issue is that Tor Browser only works
with a single (pre-populated) profile which can't be shared amongst
multiple users. Once this is solved, and Tor Browser can be installed
system-wide, getting a package should not be very hard.

Hope that helps,

Thanks Lunar for the update. I thought the effort to upstream TBB had completely stalled because there was no activity on #3994. Good to know its still alive.

Is there somewhere I could look to track progress besides that ticket?
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev