[tbb-dev] So, about the Linux sandbox in the long term?

Yawning Angel yawning at schwanenlied.me
Fri May 26 11:22:36 UTC 2017


Hello,

I'm curious what the long term plans for the sandbox are, because as it
stands and unless I hear differently, the current status is something
along the lines of:

 * I will poke at it if something really bothers me, and I have the
   time.

 * I will fix bugs if something breaks for me.

 * Someone submits well written patches, which I will review and merge,
   if I like the patches. 

   nb: The "if I like the patches" clause is so that it doesn't turn
   into a lisp interpreter masquerading as a text editor, that also
   happens to launch a browser.  This is also largely moot, check the
   git history to see why.

A few months ago I sent a detailed list of what remains to be done, and
a time estimate assuming someone was working full time.  However, to
be frank, I am increasingly uncertain as to if doing the improvements
(beyond the security/hardening ones) makes any sense because:

 * It is my belief that the current Tor Browser architecture is
   diametrically opposed to what is required for proper
   containerization.

   While `sandboxed-tor-browser` makes a valiant effort, the approach
   is hampered and limited by what it has to work with, and it will
   forever be stuck reimplementing large chunks of functionality from
   firefox, torbutton, and tor-launcher.

 * I am a terrible UI programmer, and looking ahead, it will become
   increasingly untenable for the sandbox code to chase the incoming
   tor-launcher changes, in particular it is unlikely that I will be
   willing or able to replicate the UI/UX improvements or the
   circumvention auto-discovery feature.

   It would be a colossal waste of resources to re-implement something
   like "auto discover bridges".

So, if people have a better plan than "the only guaranteed maintenance
it gets is that it will get fixes when it breaks on Yawning's laptop,
or when people submit detailed bug reports that Yawning can fix in
spare time", I'm open to hearing them now.

Regards,

-- 
Yawning Angel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tbb-dev/attachments/20170526/34d00a1f/attachment.sig>


More information about the tbb-dev mailing list