Hi Israel,

Following are my comments on your proposal[1], that I've mentioned on
IRC earlier today.


Hi Nima, thanks for commenting.

 

1- wrt cloud-storage mirrors and private git-repo, ideally the links
shouldn't be stored anywhere at all. Sending an email to gettor should
be the only way to get a link.


What's wrong with storing these links?

 
Maybe we should generate unique URLs for each request, so in case the
censors blocked or limited access to SSL, we could serve the unique
links over HTTP.

So the scenario in my mind is something like:

user asks for a bundle -> gettor generates new urls on cloud (either by
fetching the latest bundle from dist or recycling old urls) -> reply to
user with urls, keeps the urls for a while -> then either remove or
recycle the links.


Sounds great! If we can't ensure message encryption, we could at least delete the uploaded packages after some fixed amount of time, so other people can't (easily) know what you've downloaded. This should consider abuse prevention.

 

2- I find Skype distribution method, a terrible idea for many reasons.
Instead, we could aim for XMPP (with and without OTR support).

Yeah, not the best distributor but IMHO is "less suspicious" or hard to block in a large scale. Replacing it with XMPP sounds fine to me, though.

 

3- Having an smart core module to understand a request like "Give me the
URL links for TBB in this language" is cool but we need to make sure it
wouldn't break or cause problems when we start to get requests in 10
different languages.


Of course, whether the code is re-written from scratch or fixed, it has to be done with scalability in mind.

 

Just my 2cents.

[1]: https://ileiva.github.io/gettor_proposal.html

Best of luck and happy coding,


Thanks!

best,
israel