[tor-dev] shipping with fallbackdir sources

Jacob Appelbaum jacob at appelbaum.net
Fri Apr 17 21:04:32 UTC 2015

On 4/17/15, Ian Goldberg <iang at cs.uwaterloo.ca> wrote:
> On Fri, Apr 17, 2015 at 08:37:23PM +0200, Peter Palfrader wrote:
>> On Fri, 17 Apr 2015, Jacob Appelbaum wrote:
>> > > I think this list would be created at release time and ship with the
>> > > tor binaries/source.
>> >
>> > That gives a build person a lot of power - should we expect each
>> > distro to do it correctly? I trust that you will do a fine job but I'm
>> > not sure about others...
>> We could expect Nick or Roger to do it correctly when they make Tor
>> releases.

If it ships in a Tor release, we can assume all other packagers will
pass that onward, of course. Still, it could be tampered with if it
doesn't have dir auth signatures. I can imagine a friendly packager
thinking it would be useful to add their own router, for example.

> Remember that the purpose is to help first-time clients, who have never
> used the Tor network before, fetch their very first consensus.  To do
> that, they'll need addresses to contact bundled into the binary and/or
> distro without being able to look at a consensus first.

Of course - I'm merely suggesting that the file shipped is somehow a
regular byproduct of the network rather than the result of a one off
script run at an arbitrary time.

However it is produced, I think it would be good to track each of
these documents once they're shipped as well. I guess it could be done
in git as part of the release process.

All the best,

More information about the tor-dev mailing list