[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #29448 [Obfuscation/BridgeDB]: Provide a dir-spec implementation that serves sanitised descriptors
#29448: Provide a dir-spec implementation that serves sanitised descriptors
----------------------------------+-----------------------------------
Reporter: irl | Owner: sysrqb
Type: project | Status: needs_information
Priority: Low | Milestone:
Component: Obfuscation/BridgeDB | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
----------------------------------+-----------------------------------
Changes (by karsten):
* status: new => needs_information
* priority: Medium => Low
Comment:
Uhm, wait, we're not violating one of the Tor Metrics principles here. The
principle we put up is that we're not going to use unpublished data. And
we're not doing that. We're sanitizing the descriptors before publishing
them on CollecTor and before processing them in any other of our tools.
We're not touching the unsanitized bridge descriptors for anything else.
So, the goal here is basically to extract the sanitizing code from
CollecTor and put it on the BridgeDB host, probably rewritten in a
different language. Right?
I can see the benefits you mentioned. I'm all for removing code from our
codebase and reducing future maintenance effort!
However, I can also see the downsides: code complexity of BridgeDB will
suddenly increase, and whoever runs BridgeDB has one more complex thing to
take care of. I'd say, given that we're not violating our principles and
that we didn't plan for this work as part of our roadmap, we should set
priority to low for now.
Let's also make sure to coordinate with BridgeDB folks ''before'' somebody
starts writing new code. Setting to needs_information for that last part.
By the way, regardless of this specific situation, this is an interesting
discussion for newly added data in general: where do we sanitize data that
is too sensitive to be published as is, and who gets to keep that code?
Let's discuss that more on #29315.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29448#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs