[tor-relays] Operator straw poll: Reasons why you use Tor LTS versions?
teor
teor at riseup.net
Sat Sep 7 10:20:06 UTC 2019
Hi,
On 6 Sep 2019, at 20:14, Roman Mamedov <rm at romanrm.net> wrote:
>> Where does the security weakpoint risk come from? Does
>> apt-transport-tor/onion service repository availability help in your
>> mind here?
>
> As with adding any third-party repository, it means trusting the repository
> provider to install and run any root-privilege code on the machine. In case
> the repository server (or actually the release process, including signing) is
> compromised, on the next update it can serve malicious or backdoored versions
> of the software. So naturally from the security standpoint it is beneficial to
> add (and trust) as few repositories as possible, just to reduce the "attack
> surface".
So one thing Tor could do here is run easily and securely without root?
T
More information about the tor-relays
mailing list