On 18 August 2017 at 17:15, Roger Dingledine arma@mit.edu wrote:
On Fri, Aug 18, 2017 at 01:45:58PM -0700, Shari Steele wrote:
Thanks for bringing this to my attention. I'm going to respond to you privately to help clarify this some more.
The alternative is that we get dedicated computers from Hetzner, and pay ~$100/mo for Tor Browser build machines. I think we have something like two of those that we pay for right now: one for Windows builds, and one for Tor Messenger builds, and we've been talking about getting a third to help the Tor Browser team do builds.
It's not clear to me whether getting the Hetzner computer is the better or worse idea. There's the price tradeoff; also maybe we're looking for different security goals, e.g. between sandbox developer computers vs official build machines; and maybe the Cloud image is easier for people to work with. But in an ideal world, we would pick the better idea and stop needing to do the worse one. :)
I don't think we should trust these for security much at all, only for testing or untrusted development. But you can do a lot on an untrusted development box.
Price is then the one axis, the other access is accessibility. The advantage of EC2 is that when we publish the development image, anyone who wants to contribute to Tor Browser and is willing to pay their own cost can get a pre-set up dev environment that they know will compile correctly (and quickly). That's advantageous. I don't know if Hetzner has anything similar. (And we can spin up more with zero configuration, and revert with zero effort.)
That said, I tried to do this a long time ago before reproducible builds with a Windows AMI, and I don't think anyone used it. Maybe because it was Windows, maybe I'm just overestimating the willingness of the community to pay for a machine to get a working dev env.
-tom