Re: [tor-talk] RIP Tor
On Wed, 08 Jun 2016 11:41:14 +0000, CANNON NATHANIEL CIOTA wrote:
....

> Open source and compiling from source is the best option. Hopefully there
> are enough programmers that are able to interpret the source code
> examining it. Although the source code may be good, most users do not
> compile from source. Most users install pre-compiled binaries. If I was
> an adversary I would have the source code clean and have a backdoor in
> the pre-compiled binaries knowing most people do not compile from
> source.

That's why tor is doing reproducible builds.

> Most people is all it takes for a sybil position in the network.
> To mitigate such a thing, one good solution would be to replace 'apt-get
> install tor'

I'd tend to trust Debian to do their thing right, at least as much
as I trust my own verification of what I downloaded to build tor.

> with instructions of how to download, verify integrity, and
> compile from source; in guides aimed at aspiring Tor node operators and
> advanced users.

Data point: https://github.com/apk/buildery/blob/master/tor-build/build.sh

This is with building openssl, and has issues that the LD_LIBRARY_PATH
needs to be correct when starting it. Should perhaps throw a -Bstatic
in there.

Andreas
--
"Totally trivial. Famous last words."
From: Linus Torvalds <torvalds@*.org>
Date: Fri, 22 Jan 2010 07:29:21 -0800
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
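
The reproducible-builds point in the thread above, as an added example that is not part of the original message and not the Tor Project's own tooling: a downloaded binary is accepted only when independent builders' published digests all agree with it. The function names, file names and the two-builder threshold are assumptions, and the digest files are assumed to have been fetched over channels you already authenticate (signature checking is not shown).

```shell
#!/bin/sh
# Added example. All file names and the threshold are assumptions.

# digest_of FILE: print the SHA-256 hex digest of FILE.
digest_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# check_reproducible ARTIFACT MIN_MATCHES ATTESTATION...
# Each ATTESTATION is a sha256sum-format file published by one independent
# builder. Returns 0 only if no builder disagrees and at least MIN_MATCHES
# builders list the digest of ARTIFACT under its base name.
check_reproducible() {
    artifact=$1; min=$2; shift 2
    name=$(basename "$artifact")
    want=$(digest_of "$artifact") || return 2
    matches=0
    for att in "$@"; do
        # Accept both "<hex>  name" (text mode) and "<hex> *name" (binary mode).
        got=$(awk -v n="$name" \
            '{ f = $2; sub(/^\*/, "", f); if (f == n) { print $1; exit } }' "$att")
        if [ -z "$got" ]; then
            echo "no entry for $name in $att" >&2
            continue    # a silent builder is neither a match nor a conflict
        fi
        if [ "$got" != "$want" ]; then
            echo "MISMATCH: $att lists $got, artifact is $want" >&2
            return 1    # any disagreement is a hard failure
        fi
        matches=$((matches + 1))
    done
    [ "$matches" -ge "$min" ]
}

# Constructed demo data: a stand-in "binary" and two builder attestations.
tmp=$(mktemp -d)
printf 'constructed stand-in for a binary\n' > "$tmp/tor-demo.bin"
sum=$(digest_of "$tmp/tor-demo.bin")
printf '%s  tor-demo.bin\n' "$sum" > "$tmp/builder-a.sha256"
printf '%s *tor-demo.bin\n' "$sum" > "$tmp/builder-b.sha256"
check_reproducible "$tmp/tor-demo.bin" 2 "$tmp"/builder-*.sha256 \
    && echo "digests agree across builders"
```

A single disagreeing builder fails the check even when the threshold is otherwise met, since one honest rebuild that differs is exactly the signal reproducible builds exist to surface.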