[tor-dev] Reproducibility of Pluggable Transports python.msi

Brandon Wiley brandon at blanu.net
Wed Sep 9 18:43:26 UTC 2015


Another option here, besides getting python to build in gitian is to phase
out support for python-based pluggable transports. It's something to
consider at least. Which transports are still only available in python?

On Sun, Sep 6, 2015 at 7:26 PM, Jeremy Rand <biolizard89 at gmail.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> I was looking at the Gitian descriptor for the pluggable transports at
> https://gitweb.torproject.org/builders/tor-browser-bundle.git/tree/gitia
> n/descriptors/windows/gitian-pluggable-transports.yml
> , and I noticed that it has an input file called "python.msi".
> Furthermore, I noticed the following line in
> https://gitweb.torproject.org/builders/tor-browser-bundle.git/tree/gitia
> n/versions
> :
>
> PYTHON_MSI_URL=https://www.python.org/ftp/python/${PYTHON_VER}/${PYTHON_
> MSI_PACKAGE}
>
> - From this, I conclude that Python is not being built in Gitian, and
> the download from www.python.org is assumed to be safe / not
> backdoored.  Is this correct?
>
> If I'm correct, is there a reason that Python is not being built in
> Gitian?  Was it attempted and found that Python cannot easily be built
> for Windows in Gitian?  Or was it not attempted and just still on the
> to-do list?  I don't see any relevant ticket on Trac.
>
> Thanks,
> - -Jeremy Rand
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iQIcBAEBCAAGBQJV7Mt1AAoJEAHN/EbZ1y06nL8QAM4qhFMupoippBIvI4JwlLZ6
> Vf4wNWA2/IY+62DQ4hpkPRPX/vT48lJIJnPXUxQ427ruX/txYs+T8Yw/RyiW6eq8
> AWrkj3DZTYE4RtgEnTazA7NEpiv0YFOuRdyKoyjZyR1MAZTWpZ12TS/hkXaksWsx
> mZX7EJMv9GBNthMLGoJ5cpTdXymhbGgvOGcF1esxZlzEQnusbaMjCNHv+GzLXGBr
> xEFUzjuIeuvzZxHgmTqTujjMev9kMYqpRVoyg2JbRhZz/LwbfuQssDMlTRVOmpCu
> FwCw9RbyZyaBzrnoZLbJ9hs6JQz/cKYcv0kOmEncTprc6IVdZDnMj5guT0rwUycn
> r9x0ZB0Uz7FRPnqIgmeHLn9JmFPuF9IWc6Kl3fILNsYMCF+AyOBAB7QVFgSftXMQ
> 2+ifWG6OdAZfM0jau1L6phlILJtvc79ClHhp86wIeSQ7k0mEKn9JOzEg+YRXLS4L
> ZAoTFKSfNrukMtmdUhgb97yl7MA+wsdWCpMybZRpSJQYMiNlL33njG8kYMdbuhX/
> uDTFmc1b3IGWhfRdAtaIK9sZzkTYTzFg30Ypr8uYte7McU+QOMHbWZGZ46KL79k7
> uZxPt2bcKSzEP9KP28Pkz0Hc0v0qGYD0BrAzeYkYVB9FhLQF5vs1jDfn2YI7VQbI
> HSs0NTTkxWHkro3tnzeU
> =jg/n
> -----END PGP SIGNATURE-----
> _______________________________________________
> tor-dev mailing list
> tor-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20150909/cb102c7c/attachment-0001.html>


More information about the tor-dev mailing list