On Wed, Aug 17, 2016 at 11:01 AM, Alexander Færøy ahf@0x90.dk wrote:
Hi, and sorry for the delay! It's a crazy week here. :)
I'm writing this email to receive suggestions, comments, and possibly creative ideas about the following:
What is the general criteria set from the Tor project's perspective on when it is acceptable to make alternative Tor implementations available to the general public?
I'm currently testing Talla using Chutney with a mixture of NTOR and pre-NTOR Tor daemons running (inspired by one of the configuration files in the Chutney repository, which referred to a 'tor-old' binary).
My current plan is to stabilize Talla further until my gut feeling is that I can try to announce a single, middle, relay to the production Tor network. This relay will, of course, have a platform-string set to something easily identifiable like "Talla 0.0.1 (...)" and the contact-string set to a valid method of reaching out to me with, in its announced server descriptor. I will closely monitor that things are going as I expect and probably turn it off shortly after the test, when I have seen that my code isn't too "crashy" -- this will most likely be repeated a number of times until I'm satisfied with the results.
Could I do more to ensure that the people caring for the network as a whole wont fear me pressing the start-button here?
Sounds like a start!
As for advertising stuff in server descriptors, we're moving towards a new way to advertise support for the different sub-protocols that make up the Tor network. I hope that we'll merge it some time over the next month. Please see ticket 19958 and proposal 264 for more information. I'd especially like any comments you can give, from your perspective, before we finalize the design and implementation.
I will not do any classical releases (as in packagable .tar.gz) until I'm past the point where my gut feelings are telling me that my code is reasonably stable for the production network of Tor.
I will, in a very visible location, request that no distribution developers makes any packages of the code until there is a release.
I think this is already the norm, but I guess being explicit won't hurt.
I will write, also in a visible location, a warning that the code is not production ready and that people should probably stick to running a Tor relay using the official Tor daemon and point to the installation instructions on torproject.org.
I think that's a good start too! I'd recommend that everybody who is doing any kind of new cryptography system put a big warning on the early versions this way.
Thanks again for doing this work; it looks exciting!