Re: [tor-dev] TUF Repository for Tor Browser

ban...@openmailbox.org: > Thanks Lunar for the update. I thought the effort to upstream TBB had > completely stalled because there was no activity on #3994. Good to know its > still alive. > > Is there somewhere I could look to track progress besides that ticket? Don't misunderstand me. To the

Re: [tor-dev] TUF Repository for Tor Browser

On 2016-06-10 18:27, Lunar wrote: ban...@openmailbox.org: Rehash of previous discussions on the topic: See #3994. The major reasons why TBB is not in the Debian repository: * The reproducible build system depends on a static binary image of (then Ubuntu) which runs counter to Debian

Re: [tor-dev] TUF Repository for Tor Browser

carlo von lynX writes: > The README sounds good, but it being implemented in python adds quite > a heavy additional dependency. My understanding is that TUF is two things: a spec, and a reference implementation (in Python). I'm sure other implementations would be

Re: [tor-dev] TUF Repository for Tor Browser

ban...@openmailbox.org: > Rehash of previous discussions on the topic: See #3994. > The major reasons why TBB is not in the Debian repository: > > * The reproducible build system depends on a static binary image of (then > Ubuntu) which runs counter to Debian policy. It's likely not a problem

Re: [tor-dev] TUF Repository for Tor Browser

On Fri, Jun 10, 2016 at 04:22:04PM +0200, ban...@openmailbox.org wrote: > In light of the technical obstacles that prevent packaging Tor > Browser (see below), I propose operating a repository that relies on > The Update Framework (TUF) [0]. TUF is a secure updater system > designed to resist many

[tor-dev] TUF Repository for Tor Browser

In light of the technical obstacles that prevent packaging Tor Browser (see below), I propose operating a repository that relies on The Update Framework (TUF) [0]. TUF is a secure updater system designed to resist many classes of attacks [1]. Its based on Thandy (the work of Roger, Nick,