[tor-dev] The future of GetTor

ilv ilv at riseup.net
Thu Jun 18 22:37:07 UTC 2015


> The distributor sounds like a great idea, but, with Option 2, the user should always be able to fall back to actual links to the cloud services (wherever possible). This allows users who have trouble with the automated download to retry later, perhaps at a different location, or with a different browser.

Yes, this makes a lot of sense. This means that we'll need to have
hardcoded values in the distributor. Using the front domain technique
could help here to avoid blocking those harcoded URLs.

>> 2) In case we develop the distributor, should the email autoresponder
>> remain?
> I'm a big fan of diversity in distribution methods, but there are only a limited number of software maintainers…

True that.

>> 3) If you agree on developing the distributor, what option you think
>> would fit better? (please suggest better options)
> If the distributor is a backend (Option 1), it would help to have mirror(s). But I wonder if we are just re-creating a single point of failure, and would be better using a CDN. It would be a terrible experience to succeed in downloading an app, only to find that the distributor was blocked.

Yes, I'm thinking that, in the end, having an API and mirrors would be
the same as doing Option 2 (e.g. having static mirrors on a CDN).

> Is it possible to submit an app to the app stores (I am thinking Apple's restrictions, here) that would bootstrap a Tor Browser download over the Tor network?
> For example:
> 1. Download app
> 2. The app has various CDN links (or a way of getting them) and a some predefined bridges
> 3. The app tries the CDN links and bridges in order of reliability / expense
> 4. If the links or bridges fail, the user gets advice on how to find new, uncensored links or bridges and input them.
> 5. App downloads and verifies Tor Browser using the CDN or the Tor network
> In most cases, the user experience would be one-click:
> 1. Open the app
> 2. See a recommended option highlighted out of a list of working options
> 3. click download
> 4. see a progress bar
> 5. Get a verified Tor Browser

Yes, the use experience that you mention is what we're looking for.
About using the Tor network... I'm not sure about it. It's like using
Tor to download Tor? Still, I'll write it down as an option.

Thanks teor!


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20150618/d6a08e80/attachment.sig>

More information about the tor-dev mailing list