[tor-dev] TUF Repository for Tor Browser
Lunar
lunar at torproject.org
Fri Jun 10 16:27:34 UTC 2016
bancfc at openmailbox.org:
> Rehash of previous discussions on the topic:
See #3994.
> The major reasons why TBB is not in the Debian repository:
>
> * The reproducible build system depends on a static binary image of (then
> Ubuntu) which runs counter to Debian policy.
It's likely not a problem if built from source.
> * TBB is based on Firefox ESR and not Iceweasel which also runs into the "no
> duplicate source package" policy of Debian.
I've discussed this with Debian security team a while ago and they are
ok with duplicate source code as long as the updates are done in a
timely manner. Tor Browser has a good record, so it's fine.
> Reasons for unavailability of TBB .deb in the Tor Project APT repository:
>
> * The break neck speed of development
A regular build could probably be automated via Jenkins.
> * Its not easily packaged and the amount of effort needed is better spent
> otherwise.
As far as I understand, the main issue is that Tor Browser only works
with a single (pre-populated) profile which can't be shared amongst
multiple users. Once this is solved, and Tor Browser can be installed
system-wide, getting a package should not be very hard.
Hope that helps,
--
Lunar <lunar at torproject.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20160610/d7f552a4/attachment.sig>
More information about the tor-dev
mailing list