[tor-dev] shipping with fallbackdir sources
Jacob Appelbaum
jacob at appelbaum.net
Fri Apr 17 21:04:32 UTC 2015
On 4/17/15, Ian Goldberg <iang at cs.uwaterloo.ca> wrote:
> On Fri, Apr 17, 2015 at 08:37:23PM +0200, Peter Palfrader wrote:
>> On Fri, 17 Apr 2015, Jacob Appelbaum wrote:
>>
>> > > I think this list would be created at release time and ship with the
>> > > tor binaries/source.
>> >
>> > That gives a build person a lot of power - should we expect each
>> > distro to do it correctly? I trust that you will do a fine job but I'm
>> > not sure about others...
>>
>> We could expect Nick or Roger to do it correctly when they make Tor
>> releases.
If it ships in a Tor release, we can assume all other packagers will
pass that onward, of course. Still, it could be tampered with if it
doesn't have dir auth signatures. I can imagine a friendly packager
thinking it would be useful to add their own router, for example.
> Remember that the purpose is to help first-time clients, who have never
> used the Tor network before, fetch their very first consensus. To do
> that, they'll need addresses to contact bundled into the binary and/or
> distro without being able to look at a consensus first.
Of course - I'm merely suggesting that the file shipped is somehow a
regular byproduct of the network rather than the result of a one off
script run at an arbitrary time.
However it is produced, I think it would be good to track each of
these documents once they're shipped as well. I guess it could be done
in git as part of the release process.
All the best,
Jake
More information about the tor-dev
mailing list