[tor-bugs] #26848 [Core Tor/sbws]: Create Debian package for sbws
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jul 19 17:05:13 UTC 2018
#26848: Create Debian package for sbws
---------------------------+-------------------------------------
Reporter: juga | Owner: juga
Type: defect | Status: assigned
Priority: Medium | Milestone: sbws 1.0 (MVP must)
Component: Core Tor/sbws | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: #25925 | Points:
Reviewer: | Sponsor:
---------------------------+-------------------------------------
Comment (by juga):
Replying to [comment:5 irl]:
> I'm *really* not convinced it is a good idea to do this.
i'm not totally convinced either, but asked around for some time and we
decided to go for it.
> Creating the structure of a Debian package and building a policy-
compliant
> package is a great idea and would make deployment easier, as long the
the
> dirauths are running Debian which at least dannenberg and maatuska are
> not.
the majority are running Debian.
> My main objection to this though is that the package is not really
useful
> outside of the directory authorities, not all of which run Debian and
not
> all of which might even run sbws. It could be though that many people
> decide they want to measure the network themselves just for fun, and
> generate useless load.
i share this concern seems months when i first thought to do this. But:
1. in theory anyone could have been running torflow (just a bit harder
to install) for 6 years
2. in theory anyone can run sbws now (not hard to install)
3. some dirauths would refuse to install something from
unsafe/unverified sources
> > (optionall) provide sbws releases via dist.tpo (#26849) so that watch
> does not use Github
>
> You could just do this anyway, and have the dirauths fetch the code
from
> here? This would work for all platforms then.
agree, the ticket is created. Still upstream releases would miss
important system configuration/dependencies.
> Assuming that you do go ahead with this anyway and there's something
I'm
> missing:
>
> > get ITP accepted
>
> I have no idea what this means. If you file an ITP bug it means you
intend
> to package it. No one accepts or rejects these although discussion may
> happen on the bug.
New packages need to close an ITP. AFAICT that discussion is important
to actually decided whether it makes sense to have the package in Debian.
>
> > create debian backport to current stable (stretch)
>
> Note that it would take 10 days after the upload to unstable is
accepted
> (sometimes more) to be able to upload a backport. If the dirauths are
> running stable, they would be delayed 10 days upgrading while this
> happens.
security updates for backports happen faster?
> > (optional) create bug in Ubuntu to get the package distributed in
Ubuntu
> too
>
> If it's in unstable you'll find it just appears in Ubuntu.
didn't know this.
It's not, in my
> experience, that quick to get updates to go in. This will be especially
> apparent with such a niche package.
Note there's also:
[ ] (optional) upload the package to deb.tpo
Alternatively we could upload it only there, but arma mentioned that only
packages that are also in Debian archive go there, cause otherwise would
end up unmaintained.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26848#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list