[metrics-bugs] #29448 [Obfuscation/BridgeDB]: Provide a dir-spec implementation that serves sanitised descriptors

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Feb 11 09:02:41 UTC 2019


#29448: Provide a dir-spec implementation that serves sanitised descriptors
----------------------------------+-----------------------------------
 Reporter:  irl                   |          Owner:  sysrqb
     Type:  project               |         Status:  needs_information
 Priority:  Low                   |      Milestone:
Component:  Obfuscation/BridgeDB  |        Version:
 Severity:  Normal                |     Resolution:
 Keywords:                        |  Actual Points:
Parent ID:                        |         Points:
 Reviewer:                        |        Sponsor:
----------------------------------+-----------------------------------
Changes (by karsten):

 * status:  new => needs_information
 * priority:  Medium => Low


Comment:

 Uhm, wait, we're not violating one of the Tor Metrics principles here. The
 principle we put up is that we're not going to use unpublished data. And
 we're not doing that. We're sanitizing the descriptors before publishing
 them on CollecTor and before processing them in any other of our tools.
 We're not touching the unsanitized bridge descriptors for anything else.

 So, the goal here is basically to extract the sanitizing code from
 CollecTor and put it on the BridgeDB host, probably rewritten in a
 different language. Right?

 I can see the benefits you mentioned. I'm all for removing code from our
 codebase and reducing future maintenance effort!

 However, I can also see the downsides: code complexity of BridgeDB will
 suddenly increase, and whoever runs BridgeDB has one more complex thing to
 take care of. I'd say, given that we're not violating our principles and
 that we didn't plan for this work as part of our roadmap, we should set
 priority to low for now.

 Let's also make sure to coordinate with BridgeDB folks ''before'' somebody
 starts writing new code. Setting to needs_information for that last part.

 By the way, regardless of this specific situation, this is an interesting
 discussion for newly added data in general: where do we sanitize data that
 is too sensitive to be published as is, and who gets to keep that code?
 Let's discuss that more on #29315.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29448#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the metrics-bugs mailing list