On 02/06/2015 12:03 AM, grarpamp wrote:
> On Thu, Feb 5, 2015 at 11:15 PM, Nick Mathewson <nickm@xxxxxxxxxxxxx> wrote:
>> The idea is that Tor could ship with some basic recommendations, and
>> links to places to find more advice?
>
> If it's a question that can be answered by searching "how do i
> secure and run my unix server", including anything other than
> links to such answers would seem redundant. Sure, noobs
> are out there, but it isn't efficient for application projects to
> formally provide general computer training.
>
> If it's a question of "how do i make tor/unix run happy together
> on my server", ie: file descriptor shortages, that's a specific
> known interaction with tor itself, and thus a different situation.
>
> The only thing I'd ship with tor are links... to two community
> maintained wiki pages, one for each class of question above.
> From there the community can write whatever faq help desired
> independent of the release process and considering external
> developments.
>
> If there wasn't a community or wiki, then shipping any critical
> runtime dependency notes on the second class of question
> would be reasonable.
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

For what it's worth, I'm mmcc - I wrote the doc/HARDENING draft. It did end up containing more text than we had hoped. However, I think some of it is worthwhile. For example, the firewall rules are unique to Tor and not entirely obvious. People also wouldn't encounter the DNS suggestion elsewhere. I added that version to the ticket because it was being considered for the 0.2.6 release. I sent a similar version to the mailing lists a couple months ago and haven't reviewed and incorporated some of the suggestions I received, partially because I suspected that it was already too verbose.

I'm not attached to this document, and I'm fine with it not being added. I also like the idea of linking to a wiki page. Generally, I think we need to make more of an effort to get security information to relay operators. Many volunteer a VPS or home server out of curiosity, and there isn't much of a culture of operational security among those contributors. This could become a problem as the network matures.