[tor-dev] GNU Guix and Tor Browser Packaging
contact.ng0 at cryptolab.net
Tue Mar 14 08:16:26 UTC 2017
bancfc at openmailbox.org transcribed 1.9K bytes:
> There is a serious Tor Browser packaging effort  being done by ng0
> (GNUnet dev) for the GNU Guix  package manager. GNU Guix supports
Eh, now that the cat is out of the bag (cat's don't belong into bags
anyway), I think I have to do this now and not on my own conditions.
As I told bancfc somewhere else, I've had a short contact with the
trademarks team of torproject. I will get back to you when someone was
able to identify issues in torbrowser which might lead to modifications
of torbrowser (for more details I just hope trademarks at tp.o can
communicate it to you) because all packaged software which is included
in upstream of Guix (master) must follow the GNU Free System
I hope that I have to make as little modifications as possible as I
I am aware that the fingerprint of the browser could change depending on
the kind of changes.
I hope to get back to this task in about 3 weeks, right now I'm busy
with getting more documentation done for another project.
> transactional upgrades and roll-backs, unprivileged package management,
> per-user profiles and most importantly reproducible builds. I have checked
> with Guix's upstream and they are working on making a binary mirror
> available over a Tor Hidden Service.  Also planned is resilience  to
> the attack outlined in the TUF threat model. 
> Back to the topic of Tor Browser packaging. While there are good reasons for
> Debian's pakaging policies they make packaging of fast evolving software
> (and especially with TBB's reliance on a opaque binary VM for builds)
> impractial. Both we and Micah have been doing a good effort to automate
> downloading and validating TBB but I still believe its a maintenance burden
> and Guix may be a way out of that for Linux distros in general.
> What are your thoughts on this?
>  https://www.gnu.org/software/guix/
>  https://github.com/theupdateframework/tuf/blob/develop/SECURITY.md
>  https://lists.gnu.org/archive/html/guix-devel/2017-03/msg00192.html
>  https://lists.gnu.org/archive/html/guix-devel/2017-03/msg00189.html
>  https://lists.gnu.org/archive/html/guix-devel/2017-03/msg00149.html
> tor-dev mailing list
> tor-dev at lists.torproject.org
More information about the tor-dev