[tor-relays] new relay package for Ubuntu 16.04+
Aeris
aeris+tor at imirhil.fr
Wed Aug 24 14:43:54 UTC 2016
> 2) security is better
Sorry to say that, but : no. It’s very weaker than plain old Debian package.
Currently, your snap embeds :
libevent
openssl
pthreads
libasan2
libubsan
python 2.7
python-torctl
tor-arm
tor
Any security change on one of those embeded libraries require *you* rebuild
and upload a new snap to fix the problem. This is very problematic for at
least openssl (very frequent security fix) and tor/torctl/tor-arm (now, *you*
need to follow every official releases of those 3 parts and deliver a new snap
each time).
On a plain old Debian package, a security change impacts only *one* package
(not *all* apps) and require only *the maintainer* of the lib package (not
*all* apps ones) to rebuild and deploy. And this fixes *every* other package
using this lib without extra step.
Snap, docker and more generally all packaging system embeding libs inside are
just a nightmare in terms of security update.
<3
--
Aeris
Individual crypto-terrorist group self-radicalized on the digital Internet
https://imirhil.fr/
Protect your privacy, encrypt your communications
GPG : EFB74277 ECE4E222
OTR : 5769616D 2D3DAC72
https://café-vie-privée.fr/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20160824/cb270efc/attachment.sig>
More information about the tor-relays
mailing list