[tor-dev] The future of GetTor

ilv ilv at riseup.net
Thu Jun 18 22:19:41 UTC 2015

Hi Griffin,

On 16/06/15 05:54, Griffin Boyce wrote:
>   While I don't necessarily want to discourage you from working on
> GetTor, it's worth noting the duplicated effort in terms of distribution
> apps.  My primary project makes downloading Tor (and other privacy
> software) from un-censored sources easy, verifying sha256 hashes easy,
> along with distributing tutorials and bridges [1][2].

Au contraire, thanks for pointing this out. I'm familiar with your work,
I just forgot to mention it as a reference of similar work. And yes, the
idea is not to duplicate effort :)

>   The project is called Satori -- it's under heavy development, but has
> traction, particularly in Iran and China [3].  Satori comes partly from
> the fact that I don't scale -- 1-to-1 distribution is important but
> takes a lot of time and a handful of trainers can't help everyone.  So I
> can write applications and increase my positive impact (particularly
> once guides are included and translations are finished).  Downloads are
> via accessible CDNs and torrents.

Although the result would be similar (the desktop flow is pretty much
what we want), for the moment I'm not sure if we want do it in the same
way. We're still brainstorming though.. (I'll create a wiki page and
send it later in this thread in case you want to collaborate).

When new versions of Tor Browser are available, how does the update
process works in Satori (uploading it, doing checksums, etc)?

>   To answer your questions:  1) distributors are important IMO (see
> above).  2) I've always liked the idea of email autoresponders for
> software, but as the size of the Tor Browser increases, I'm not sure how
> viable it will be.  It may be worthwhile to experiment with sending
> unblocked CDN links and torrent files.  3) I considered an API but don't
> think it would work as it just recreates the single point of failure
> that one is trying to avoid with this kind of project.  At least for me,
> the focus on CDN and bittorrent-based software distribution make the
> most sense.

With respect to point 2), we do not send attachments, we're sending
Dropbox links and soon enough we'll be sending Github links too.

About 3), right now we're figuring out if we can use an API (or
something similar) with some sort of mirroring approach that could help
us avoid the single point of failure that you mention. As I said, we're
still discussing, so we might get to the same conclusion as you :)

Thanks for your comments Griffin!


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20150618/6d549ef7/attachment.sig>

More information about the tor-dev mailing list