On Thu, Jun 23, 2016 at 05:24:58PM -0500, attila wrote:
> Hi ports@,
>
> Here is another try at the Tor Browser Bundle, updated to 6.0.2 just
> today.
>
[...]
>
> All feedback most welcome.
>
Hi,
I would like to ask some questions.
- www/tbb/tor-browser/files/tor-browser.cfg file
Where does the configuration come from? Is it settings from you
or from TBB?
I ask due to default bridges configuration (addresses, fingerprints
and certs), and to default plugins configuration. These configuration
settings are very sensitive.
- www/tbb/tor-browser/patches/patch-toolkit_xre_nsAppRunner_cpp file
"Revert the file back to ESR45.1.1, all diffs were TB-specific and not
relevant to OpenBSD".
Can you explain why? The diff is quite large, and reverts elements
like:
- In Tor Browser, remoting is disabled by default unless -osint is
used (so --no-remote isn't the default anymore with TBB).
- Set the application-wide C-locale. Needed to resist fingerprinting
of Date.toLocaleFormat().
- www/tbb/tor-browser/patches/patch-toolkit_xre_nsXREDirProvider_cpp file
You revert TBB specific code for cache data dir: so the port will use
$XDG_CACHE_HOME if defined, or use $HOME/.cache instead of keeping
stuff in GetTorBrowserUserDataDir()
Shouldn't all TBB stuff be kept under one directory?
If I understood the purpose of patches in www/tbb/tor-browser (if I
don't consider patches copied from www/firefox-esr or security/nss), it
is to remove specific code in TBB to use ~/.tor-browser instead of the
TBB default of TorBrowser/Data/Browser. But when doing that you also
remove specific code (like anti-fingerprinting or keeping all data under
one well-known directory).
I wonder if it wouldn't be safer (and facilitate porting in the
long term) to try not to diverge too much from TBB upstream.
- www/tbb/torbutton/patches/patch-src_defaults_preferences_preferences_js
You change log settings to stdout with a lower level of verbosity. If TBB
is launched via desktop menu, there is no console to see the potential
errors. And why a lower level of verbosity?
You disable version checking. Shouldn't it still be enabled? I
understand not trying to update, but if a new version of TBB is
available, having the information could be valuable: else you could
put users at risk if they use an old version (with potentially known
vulnerabilities) due to a not up-to-date port under OpenBSD.
- www/tbb/tor-launcher/patches/patch-src_defaults_preferences_prefs_js
Same question as for torbutton about log level and log method
(reducing the verbosity and changing output to stdout).
- www/tbb/tor-launcher/patches/patch-src_components_tl-process_js
"Let geoip/geoip6 file paths be set by prefs like everything else. Go
back to old way of munging relative paths, their new way is
effectively a no-op for us anyway."
Do you know why tor devs don't use prefs for these settings? Why do
you think diverging from upstream (and maintaining the diff) would be
good if their "new way" is a no-op under OpenBSD?
And after all these elements, I would like to say that I would be glad
to see support of TBB in OpenBSD :)
Thanks.
--
Sebastien Marie