[tbb-dev] Future of Tor Browser hardened
Georg Koppen
gk at torproject.org
Thu Feb 2 21:28:00 UTC 2017
Hi all,
a while ago a ticket about renaming our "hardened" series got filed[1].
There, it is argued we should think about renaming the hardened series
to something else as it is probably not as hardened as one would expect
and thus misleading our users. Especially shipping that build with
Address Sanitizer (ASan) enabled caused some folks to point out that
ASan is mainly a debugging tool (which the other goal of the hardened
series is) which is very likely at odds with the hardened aspect of the
series.
While I still stand to the things we said in our blog post[2] back then
when we introduced the hardened series I am fine with picking this
discussion up right now and moving on to a decision. The reason for that
is that we have Yawning Angel's sandboxed Tor Browser which achieves the
goal of preventing harm from our users much better than the hardened
aspect of our hardened series could ever do. Moreover, selfrando, one of
the noteworthy aspects of our hardened series, is about to get shipped
in our regular alphas. If all goes well it will be available in 7.0a2.
So, things we need to decide are
1) What do we want to do with our hardened series? Should we rename it
to "debug series" or something similar?
2) Should we expose the renamed thing to the general public as an own,
new series or should we just ship the means to create a debugging build
whenever we need one?
3) What should we do with users already being on the hardened update
channel? Should they get moved to our alpha channel with some notice?
or maybe some fourth or fifth item rendering 1)-3) moot but which I did
not come up with?
Georg
[1] https://trac.torproject.org/projects/tor/ticket/20814
[2] https://blog.torproject.org/blog/tor-browser-55a4-hardened-released
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tbb-dev/attachments/20170202/820a0945/attachment.sig>
More information about the tbb-dev
mailing list