[tor-dev] GNU Guix and Tor Browser Packaging
bancfc at openmailbox.org
bancfc at openmailbox.org
Mon Mar 13 22:31:24 UTC 2017
There is a serious Tor Browser packaging effort [3][4] being done by ng0
(GNUnet dev) for the GNU Guix [0] package manager. GNU Guix supports
transactional upgrades and roll-backs, unprivileged package management,
per-user profiles and most importantly reproducible builds. I have
checked with Guix's upstream and they are working on making a binary
mirror available over a Tor Hidden Service. [2] Also planned is
resilience [2] to the attack outlined in the TUF threat model. [1]
Back to the topic of Tor Browser packaging. While there are good reasons
for Debian's pakaging policies they make packaging of fast evolving
software (and especially with TBB's reliance on a opaque binary VM for
builds) impractial. Both we and Micah have been doing a good effort to
automate downloading and validating TBB but I still believe its a
maintenance burden and Guix may be a way out of that for Linux distros
in general.
What are your thoughts on this?
***
[0] https://www.gnu.org/software/guix/
[1] https://github.com/theupdateframework/tuf/blob/develop/SECURITY.md
[2] https://lists.gnu.org/archive/html/guix-devel/2017-03/msg00192.html
[3] https://lists.gnu.org/archive/html/guix-devel/2017-03/msg00189.html
[4] https://lists.gnu.org/archive/html/guix-devel/2017-03/msg00149.html
More information about the tor-dev
mailing list