On 4/17/15, Ian Goldberg <i...@cs.uwaterloo.ca> wrote: > On Fri, Apr 17, 2015 at 08:37:23PM +0200, Peter Palfrader wrote: >> On Fri, 17 Apr 2015, Jacob Appelbaum wrote: >> >> > > I think this list would be created at release time and ship with the >> > > tor binaries/source. >> > >> > That gives a build person a lot of power - should we expect each >> > distro to do it correctly? I trust that you will do a fine job but I'm >> > not sure about others... >> >> We could expect Nick or Roger to do it correctly when they make Tor >> releases.
If it ships in a Tor release, we can assume all other packagers will pass that onward, of course. Still, it could be tampered with if it doesn't have dir auth signatures. I can imagine a friendly packager thinking it would be useful to add their own router, for example. > Remember that the purpose is to help first-time clients, who have never > used the Tor network before, fetch their very first consensus. To do > that, they'll need addresses to contact bundled into the binary and/or > distro without being able to look at a consensus first. Of course - I'm merely suggesting that the file shipped is somehow a regular byproduct of the network rather than the result of a one off script run at an arbitrary time. However it is produced, I think it would be good to track each of these documents once they're shipped as well. I guess it could be done in git as part of the release process. All the best, Jake _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
