[tor-talk] Tor Browser Bundle w Linux Packaging & TAILS improvements/new distribution

Chris tmail299 at errtech.com
Tue Dec 13 03:34:03 UTC 2011

> On Fri, 9 Dec 2011 04:59:37 -0500
> "Chris" <tmail299 at errtech.com> wrote:
>> I have a number of questions and requests for possible changes to the
>> Tor Browser Bundle.
> Have you read the TBB design document? It may answer many more
> questions, https://www.torproject.org/projects/torbrowser/design/.

Yes. I don't think it answered my questions though.

>> Why is the current Tor Browser Bundle for Linux not available in the
>> Tor repository?
> TBB for linux is not a deb nor rpm based on packaging guidelines. There
> is nothing to install per se. It's a simple tarball that is extracted.
> We sign every package, so the tarball is signed and can be validated.

The above design document talks about avoiding usability issues. Some
things it puts out of the scope of its ability. I feel some things are
within its scope though even though it would take others (like the Tails
project) to actually implement a complete solution or the user.

While I would not suggest eliminating the tarball completely as there is
more to the world than just debian I do think the manual installation is
cumbersome and risky for the user. It make no sense to recommend manual
installation when there is a better system that is already being used.

Users do not understand authentication and so the need for such
authentication should be done away with. Package management systems
already do the authentication bit and make updating (good for security)
easy. One of the reasons Microsoft Windows is such a dangerous platform
for users is there are dozens of different update applications.

Adding it to the repository is what would make this feasible. It doesn't
need to be in debian's repository. Just in Tor's repository.

It has been mentioned elsewhere that the project needs other distribution
methods to help get Tor into countries where it is banned. Here is a
perfectly good one. Especially if it ended up in debians main repository.

>> Tails requires users to download a new disc each time an update is
>> released as well. Like the Tor Browser Bundle this too gives an
>> attacker more of an opportunity to compromise a Tor user.
> There's a project called thandy that will allow for partial updates of
> TBB. Tails is a separate project, you should talk to them directly.
> Thandy can be found at https://gitweb.torproject.org/thandy.git.
>> The second thing I was wondering relates to Tails. Why does Tails
>> need to be downloaded each time an update is released? If the goal is
>> a read-only medium there are newer methods to make writeable media
>> read-only without having to burn a new CD each time and update is
>> released or reload a distribution.
> Tails is a separate project, you should ask them. You may also find
> https://trac.torproject.org/projects/tor#LiveCDUSB the other projects
> helpful too.

I have never received any kind of response that made sense from them. It
is as if everybody wants to avoid putting out a safe usable solution for

I think the idea of Tails is great. It is just badly implemented.

> --
> Andrew
> pgp 0x74ED336B
> _______________________________________________
> tor-talk mailing list
> tor-talk at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

More information about the tor-talk mailing list