[tor-dev] TUF Repository for Tor Browser
bancfc at openmailbox.org
bancfc at openmailbox.org
Sat Jun 11 11:22:22 UTC 2016
On 2016-06-10 18:27, Lunar wrote:
> bancfc at openmailbox.org:
>> Rehash of previous discussions on the topic:
>
> See #3994.
>
>> The major reasons why TBB is not in the Debian repository:
>>
>> * The reproducible build system depends on a static binary image of
>> (then
>> Ubuntu) which runs counter to Debian policy.
>
> It's likely not a problem if built from source.
>
>> * TBB is based on Firefox ESR and not Iceweasel which also runs into
>> the "no
>> duplicate source package" policy of Debian.
>
> I've discussed this with Debian security team a while ago and they are
> ok with duplicate source code as long as the updates are done in a
> timely manner. Tor Browser has a good record, so it's fine.
>
>> Reasons for unavailability of TBB .deb in the Tor Project APT
>> repository:
>>
>> * The break neck speed of development
>
> A regular build could probably be automated via Jenkins.
>
>> * Its not easily packaged and the amount of effort needed is better
>> spent
>> otherwise.
>
> As far as I understand, the main issue is that Tor Browser only works
> with a single (pre-populated) profile which can't be shared amongst
> multiple users. Once this is solved, and Tor Browser can be installed
> system-wide, getting a package should not be very hard.
>
> Hope that helps,
Thanks Lunar for the update. I thought the effort to upstream TBB had
completely stalled because there was no activity on #3994. Good to know
its still alive.
Is there somewhere I could look to track progress besides that ticket?
More information about the tor-dev
mailing list