[tor-bugs] #32550 [Circumvention/Obfs4]: Static tor in docker container
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Feb 26 13:50:49 UTC 2020
#32550: Static tor in docker container
-------------------------------------------------+-------------------------
Reporter: thymbahutymba | Owner: phw
Type: enhancement | Status: assigned
Priority: Medium | Milestone:
Component: Circumvention/Obfs4 | Version:
Severity: Normal | Resolution:
Keywords: docker, s30-o24a2, anti-censorship-roadmap-2020Q1 | Actual Points:
Parent ID: #31281 | Points: 2
Reviewer: | Sponsor: Sponsor30-can
-------------------------------------------------+-------------------------
Comment (by thymbahutymba):
> Another reservation I have is that this approach requires us to keep
> track of the latest versions of dependencies and their security
> vulnerabilities, which takes time and effort. Every time we're creating a
> new docker image, we need to figure out what the latest version of OpenSSL
> etc. is. A Debian package however takes care of this for us.

I don't know the smart reply for such a problem. However, I think that here
the point is that you are putting your trust in the Debian packager, but
a different approach can be the rolling-release one; in this case we can
update the tor-static docker version every time with the latest release of
each library, having somehow the benefit of the doubt about vulnerabilities.
Whether they are present, after the discovery, a new version should be
available and updating it should solve such a problem. Hoping I've clarified
my point of view even if I'm not a hundred percent sure about it.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32550#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online