[tor-bugs] #3374 [Torouter]: Torouter OS and configuration

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Mon Jun 13 14:04:16 UTC 2011


#3374: Torouter OS and configuration
----------------------+-----------------------------------------------------
 Reporter:  runa      |          Owner:  runa
     Type:  task      |         Status:  new 
 Priority:  normal    |      Milestone:      
Component:  Torouter  |        Version:      
 Keywords:            |         Parent:      
   Points:            |   Actualpoints:      
----------------------+-----------------------------------------------------

Comment(by cypherpunks):

 Replying to [comment:29 runa]:
 > Replying to [comment:17 cypherpunks]:
 > > Replying to [comment:9 runa]:
 > > > Replying to [comment:6 cypherpunks]:
 > > > > I propose that we ship the following debian packages:
 > > > > {{{
 > > > > http://packages.debian.org/squeeze/denyhosts
 > > > > http://packages.debian.org/squeeze/openssh-server
 > > > > http://packages.debian.org/squeeze/cron-apt
 > > > > }}}
 > > >
 > > > Sure, looks good.
 > > >
 > > > > I propose that we ship the following Tor Project packages and work
 to get them into Debian ASAP:
 > > > > {{{
 > > > > ttdnsd
 > > > > }}}
 > > >
 > > > I see that some work has already been done to package this for
 Debian (there's a Debian directory in the ttdnsd.git repository). What's
 the status of that?
 > > >
 > >
 > > We have packages for ttdnsd in deb.torproject.org; they're not
 uploaded to Debian.
 >
 > Why not?
 >

 I cannot upload on my own. The next version of ttdnsd will be uploading by
 me to deb.torproject.org and I'll ask helix or weasel to sponsor it.

 > > > Also, I believe that tsocks (which ttdnsd depends on) is out of date
 and that we should use torsocks instead. Thoughts?
 > >
 > > Yes, torsocks is safe, tsocks is not.
 >
 > In that case, shouldn't ttdnsd be updated to use torsocks instead of
 tsocks?
 >

 There has been a bit of work on this - it's not really necessary though,
 ttdnsd is one of the rare safe cases with tsocks.

 > > > > We need to package a few things for this process to work.
 > > > >
 > > > > clockspeed needs to be packaged:
 > > > > http://cr.yp.to/clockspeed.html
 > > > > http://thedjbway.b0llix.net/clocksd/index.html
 > > > >
 > > > > We'd need to install daemontools for clockspeed and this is
 already supported on Debian.
 > > > >
 > > > > An alternative that I trust less is OpenNTPD but it is already
 packaged:
 > > > > {{{
 > > > > openntpd
 > > > > }}}
 > > >
 > > > Why do you trust it less?
 > > >
 > >
 > > djb wrote one, who the hell knows about the other? :-) We absolutely
 must not use ISC software whatever we do.
 >
 > Seems like I missed out on something; why can't we use ISC software (and
 what, on a standard Debian system, classifies as ISC software)?
 >

 ISC is a group of people that write software. They have the worst security
 track record of any group, probably ever. One of the authors in fact has
 the most security bugs ever for a single person. It is typically written
 without security in mind from the start and generally the purpose is to
 get something working. It's good for getting a protocol adopted but it's
 not good for anything we want to do. For example, not getting owned. :)

 > > > > We'll also need the most recent 0.2.3.x Tor release as a Debian
 package, specifically we need to build it with tor-fw-helper. This means
 that we need to package the upnp and natpmp shared libraries.
 > > >
 > > > I assume weasel is the person to ask regarding Debian packages for
 0.2.3.x. Do you want to package upnp and natpmp?
 > >
 > > Want is a curious way to phrase it... :-)
 >
 > I wonder if we should wait with shipping 0.2.3.x until it can be
 considered stable. The purpose of the Torouter is to provide a (cheap)
 consumer-level Internet router that is a tor bridge. Shipping with
 software that cannot be considered stable and/or hasn't been tested in the
 wild may not be a good idea.

 I think we've waited long enough and testing with 0.2.3.x should be fine.
 We're doing releases of it, we should consider it experimental which is of
 course the goal of the Torouter; it is an experiment. If we find it non-
 functional or that it is breaking, we should fix it. We need a UPnP and
 NATPMP client for these devices to work easily.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3374#comment:30>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list