ban...@openmailbox.org transcribed 1.9K bytes: > There is a serious Tor Browser packaging effort [3][4] being done by ng0 > (GNUnet dev) for the GNU Guix [0] package manager. GNU Guix supports
Eh, now that the cat is out of the bag (cat's don't belong into bags anyway), I think I have to do this now and not on my own conditions. Hi! As I told bancfc somewhere else, I've had a short contact with the trademarks team of torproject. I will get back to you when someone was able to identify issues in torbrowser which might lead to modifications of torbrowser (for more details I just hope trademarks@tp.o can communicate it to you) because all packaged software which is included in upstream of Guix (master) must follow the GNU Free System Distribution Guidelines. I hope that I have to make as little modifications as possible as I I am aware that the fingerprint of the browser could change depending on the kind of changes. I hope to get back to this task in about 3 weeks, right now I'm busy with getting more documentation done for another project. > transactional upgrades and roll-backs, unprivileged package management, > per-user profiles and most importantly reproducible builds. I have checked > with Guix's upstream and they are working on making a binary mirror > available over a Tor Hidden Service. [2] Also planned is resilience [2] to > the attack outlined in the TUF threat model. [1] > > Back to the topic of Tor Browser packaging. While there are good reasons for > Debian's pakaging policies they make packaging of fast evolving software > (and especially with TBB's reliance on a opaque binary VM for builds) > impractial. Both we and Micah have been doing a good effort to automate > downloading and validating TBB but I still believe its a maintenance burden > and Guix may be a way out of that for Linux distros in general. > > What are your thoughts on this? > > > > > > *** > > [0] https://www.gnu.org/software/guix/ > [1] https://github.com/theupdateframework/tuf/blob/develop/SECURITY.md > [2] https://lists.gnu.org/archive/html/guix-devel/2017-03/msg00192.html > [3] https://lists.gnu.org/archive/html/guix-devel/2017-03/msg00189.html > [4] https://lists.gnu.org/archive/html/guix-devel/2017-03/msg00149.html > _______________________________________________ > tor-dev mailing list > tor-dev@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
