On 4/17/15, Ian Goldberg iang@cs.uwaterloo.ca wrote:
On Fri, Apr 17, 2015 at 08:37:23PM +0200, Peter Palfrader wrote:
On Fri, 17 Apr 2015, Jacob Appelbaum wrote:
I think this list would be created at release time and ship with the tor binaries/source.
That gives a build person a lot of power - should we expect each distro to do it correctly? I trust that you will do a fine job but I'm not sure about others...
We could expect Nick or Roger to do it correctly when they make Tor releases.
If it ships in a Tor release, we can assume all other packagers will pass that onward, of course. Still, it could be tampered with if it doesn't have dir auth signatures. I can imagine a friendly packager thinking it would be useful to add their own router, for example.
Remember that the purpose is to help first-time clients, who have never used the Tor network before, fetch their very first consensus. To do that, they'll need addresses to contact bundled into the binary and/or distro without being able to look at a consensus first.
Of course - I'm merely suggesting that the file shipped is somehow a regular byproduct of the network rather than the result of a one off script run at an arbitrary time.
However it is produced, I think it would be good to track each of these documents once they're shipped as well. I guess it could be done in git as part of the release process.
All the best, Jake