On Sun, 2012-08-12 at 18:28 -0400, Matthew Finkel wrote:
After thinking about this for a little bit, here's my 2 cents. =)
- The ebuild is specifically for building the Tor browser, not the
bundle. The package name of the ebuild states this but the email mentions the bundle.
You're right, we want to build the Tor browser, not the TBB.
- One of the best reasons for using the bundle is that it is
self-contained. If you want to use the bundle for anonymity you can easily do this and then discard it will little trace. This becomes much more difficult with a system-level install.
This is true, but in some scenarios (e.g. full disk encryption) having a system Tor Browser, could allow to have more easily sophisticated configurations. Using Tor Browser could even be a company policy in certain cases. Having a system Tor Browser would offer some advantages.
- On the other hand, I see no reason to restrict a security-conscious
user from using a more secure browser, as long as they understand the trade-offs. However, torprofile should not be an optional USE flag. Only adding some patches from upstream does not make it the Torbrowser.
Right, what we're willing to offer to the user is a web client which looks exactly the same as the Tor Browser to the web server he's connecting to, but leave all the rest easily configurable. Gentoo philosophy focuses a lot on the freedom of choice. The point now is be sure that our Tor Browser looks exactly like the official one, therefore all my questions.
- Given 3), is there a reason Tor is not at least an optional RDEPEND
for torbrowser via a USE flag (or another way)? 5) If you did/do intend to create an ebuild for the TBB and not just the browser, it should provide the exact same experience as if the user downloaded it from torproject.org. I think this should include Vidalia launching Torbrowser once the network is configured. 6) Make sure the ebuild references Tor and not TOR
I think we'll require Tor and integrate the Tor Browser profile.
Thanks for your answer, Ale