[tor-bugs] #31130 [Applications/Tor Browser]: Use Debian 10 for our Android container images

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Oct 29 23:54:23 UTC 2019 

#31130: Use Debian 10 for our Android container images
--------------------------------------+--------------------------------
 Reporter:  gk                        |          Owner:  tbb-team
     Type:  defect                    |         Status:  needs_revision
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  tbb-rbm                   |  Actual Points:
Parent ID:  #31127                    |         Points:  0.5
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------------

Comment (by boklm):

 Replying to [comment:21 sisbell]:
 > Replying to [comment:20 boklm]:
 > > `8u222-b10-1~deb9u1` is the version that was built for stretch. Is
 there any reason to use that one rather than `8u222-b10-1` from Unstable?
 > I'm going from your comment:2 which said I should be using snapshot,
 rather than unstable. This 222 version is the one in snapshot. Should I
 switch back to unstable?

 I did not say snapshot rather than unstable, which does not make any sense
 since snapshot contains packages from all suites, including unstable. The
 packages in unstable are changing frequently, so using snapshot.debian.org
 allows us to use the packages that were available on a specific date.

 If we want to use the package from unstable, the latest version that does
 not require a new glibc seems to be `8u222-b10-1`, and we can download it
 from snapshot.debian.org:
 https://snapshot.debian.org/archive/debian/20190930T145141Z/pool/main/o/openjdk-8/openjdk-8-jdk_8u222-b10-1_amd64.deb

 It seems using the package from stretch is an other option. And in this
 case we could use the latest version of the package (which is
 `8u232-b09-1~deb9u1` currently) as it doesn't require a new glibc:
 https://deb.debian.org/debian/pool/main/o/openjdk-8/openjdk-8-jdk_8u232-b09-1~deb9u1_amd64.deb

 > >
 > > Or if we decide to use the package from stretch, then we might as well
 use the latest version of the package (as it shouldn't require a new glibc
 version in this case), which is `8u232-b09-1~deb9u1`.
 >
 > So should we go with stretch from snapshot or the unstable version?
 >

 The package from stretch might be better since it allows us to use a
 version with the latest security fixes. However I don't know if this
 package works correctly on buster, so this needs to be tested.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31130#comment:22>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list