[tor-dev] GNU Guix and Tor Browser Packaging

ng0 contact.ng0 at cryptolab.net
Tue Mar 14 08:16:26 UTC 2017 

bancfc at openmailbox.org transcribed 1.9K bytes:
> There is a serious Tor Browser packaging effort [3][4] being done by ng0
> (GNUnet dev) for the GNU Guix [0] package manager. GNU Guix supports

Eh, now that the cat is out of the bag (cat's don't belong into bags
anyway), I think I have to do this now and not on my own conditions.

Hi!

As I told bancfc somewhere else, I've had a short contact with the
trademarks team of torproject. I will get back to you when someone was
able to identify issues in torbrowser which might lead to modifications
of torbrowser (for more details I just hope trademarks at tp.o can
communicate it to you) because all packaged software which is included
in upstream of Guix (master) must follow the GNU Free System
Distribution Guidelines.
I hope that I have to make as little modifications as possible as I
I am aware that the fingerprint of the browser could change depending on
the kind of changes.

I hope to get back to this task in about 3 weeks, right now I'm busy
with getting more documentation done for another project.

> transactional upgrades and roll-backs, unprivileged package management,
> per-user profiles and most importantly reproducible builds. I have checked
> with Guix's upstream and they are working on making a binary mirror
> available over a Tor Hidden Service. [2] Also planned is resilience [2] to
> the attack outlined in the TUF threat model. [1]
> 
> Back to the topic of Tor Browser packaging. While there are good reasons for
> Debian's pakaging policies they make packaging of fast evolving software
> (and especially with TBB's reliance on a opaque binary VM for builds)
> impractial. Both we and Micah have been doing a good effort to automate
> downloading and validating TBB but I still believe its a maintenance burden
> and Guix may be a way out of that for Linux distros in general.
> 
> What are your thoughts on this?
> 
> 
> 
> 
> 
> ***
> 
> [0] https://www.gnu.org/software/guix/
> [1] https://github.com/theupdateframework/tuf/blob/develop/SECURITY.md
> [2] https://lists.gnu.org/archive/html/guix-devel/2017-03/msg00192.html
> [3] https://lists.gnu.org/archive/html/guix-devel/2017-03/msg00189.html
> [4] https://lists.gnu.org/archive/html/guix-devel/2017-03/msg00149.html
> _______________________________________________
> tor-dev mailing list
> tor-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

More information about the tor-dev mailing list