[tor-bugs] #26848 [Core Tor/sbws]: Create Debian package for sbws

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jul 19 17:04:30 UTC 2018 

#26848: Create Debian package for sbws
---------------------------+-------------------------------------
 Reporter:  juga           |          Owner:  juga
     Type:  defect         |         Status:  assigned
 Priority:  Medium         |      Milestone:  sbws 1.0 (MVP must)
Component:  Core Tor/sbws  |        Version:
 Severity:  Normal         |     Resolution:
 Keywords:                 |  Actual Points:
Parent ID:  #25925         |         Points:
 Reviewer:                 |        Sponsor:
---------------------------+-------------------------------------

Comment (by dkg):

 irl, i can't tell if you're "really not convinced it's a good idea" or if
 you're "really convinced it's not a good idea". :)

 having a debian package can help for identifying problems, for system
 integration, and for ease of updates.

 If there's a real concern about people measuring the network who shouldn't
 be, then i'm not sure that the presence of software in the debian
 repository or not is going to stop any even mildly interested actor.  If
 you want to ensure that only "the right" people run sbws, you could have
 the dedicated debian system service do some sort of verification that it
 is on a host that is "acceptable", and then decline to run unless the
 administrator overrides it, but that seems like a lot of work to put in to
 an antifeature in free software.

 as for the cadence of uploads to stable-backports -- packages with a
 passing [DEP-8 autopkgtest testsuite](https://dep-
 team.pages.debian.net/deps/dep8/) and no outstanding RC bugs can [migrate
 from unstable to testing in less time](https://lists.debian.org/debian-
 devel-announce/2018/05/msg00001.html), which allows for an upload to
 stretch-backports faster.  It also means that we can rely on debian's
 testing infrastructure to verify basic package functionality on minimal
 systems.  taking advantage of that continuous integration infrastructure
 seems like a good idea regardless of the package migration times.

 what cadence do we expect bandwidth measurement upgrades to take anyway?
 do current measurement sites deploy them in hours instead of days today?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26848#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list