[tor-dev] TUF Repository for Tor Browser

bancfc at openmailbox.org bancfc at openmailbox.org
Sat Jun 11 11:22:22 UTC 2016


On 2016-06-10 18:27, Lunar wrote:
> bancfc at openmailbox.org:
>> Rehash of previous discussions on the topic:
> 
> See #3994.
> 
>> The major reasons why TBB is not in the Debian repository:
>> 
>> * The reproducible build system depends on a static binary image of 
>> (then
>> Ubuntu) which runs counter to Debian policy.
> 
> It's likely not a problem if built from source.
> 
>> * TBB is based on Firefox ESR and not Iceweasel which also runs into 
>> the "no
>> duplicate source  package" policy of Debian.
> 
> I've discussed this with Debian security team a while ago and they are
> ok with duplicate source code as long as the updates are done in a
> timely manner. Tor Browser has a good record, so it's fine.
> 
>> Reasons for unavailability of TBB .deb in the Tor Project APT 
>> repository:
>> 
>> * The break neck speed of development
> 
> A regular build could probably be automated via Jenkins.
> 
>> * Its not easily packaged and the amount of effort needed is better 
>> spent
>> otherwise.
> 
> As far as I understand, the main issue is that Tor Browser only works
> with a single (pre-populated) profile which can't be shared amongst
> multiple users. Once this is solved, and Tor Browser can be installed
> system-wide, getting a package should not be very hard.
> 
> Hope that helps,

Thanks Lunar for the update. I thought the effort to upstream TBB had 
completely stalled because there was no activity on #3994. Good to know 
its still alive.

Is there somewhere I could look to track progress besides that ticket?


More information about the tor-dev mailing list