[tor-talk] Not comfortable with the new single-hop system merged into Tor

[grarpamp]

The default is off so there's no problem as I see it.
Resonating SJL and others on this re onionland opsec we've
observed since day one.
And if someone gains write access to your torrc, you're done anyways
(btw, torrc should also be possible to compile in static).
I would not make it a controller option, but would show
its status in controller.
And I wouldn't set downstream or embedded stuff
like GlobalLeaks to ship with it on by default.
A separate branch for this is dumb... if you really care
./configure --(enable|disable)-single-hop-onions .
Users of downloaded tor binaries have far bigger learning curve,
models, and risks to hurdle over before this ever matters.