* Green Dream [2016-08-30 21:39:34 -0700]:
chad> 1) anyone can create packages for others without review, 2) security
is better
These two concepts seem fundamentally at odds. Perhaps I have
misunderstood you. How would unreviewed code be better for security?
Good
News: Package is at Tor 0.2.8.7, which was released yesterday.
* Roger Dingledine [2016-08-25 00:33:14 -0400]:
Nice idea!
Other people here have very valid points about the security and
maintability side of things, but I'll add another point: It looks like the
conservative
On Wed, Aug 24, 2016 at 09:47:56AM -0400, Chad MILLER wrote:
> I made a tor-middle-relay package, so the TVs, Wifi Routers,
> Toasters, Self-driving Cars, Phones... of the world that are running
> that new kind of Ubuntu (or other OS that implements this package
> system!) can also help the Tor
> Ubuntu/Debian doesn't have the latest version of Tor. You should use the
> official repository: https://www.torproject.org/docs/debian.html.en
I already use this repo for all my relays :)
<3,
--
Aeris
Individual crypto-terrorist group self-radicalized on the digital Internet
> Currently not on Xenial and Jessie (even in backport). ><
Don’t match 2.8.6 too :
snap
ba16ce2958119a238d7931e709f30e932938218f
ubuntu yakkety tor_0.2.8.6-3ubuntu1_amd64.deb
5839f7b8bdc74cc26c829452d458d5c797ff3666
official tor tor_0.2.8.6-3_amd64.deb
Ubuntu/Debian doesn't have the latest version of Tor. You should use the
official repository: https://www.torproject.org/docs/debian.html.en
On Aug 24, 2016 12:50 PM, "Aeris" wrote:
> > Aeris, I should be worried if any of those matched. Did you know 0.2.8 is
> > out?
>
>
> Aeris, I should be worried if any of those matched. Did you know 0.2.8 is
> out?
Currently not on Xenial and Jessie (even in backport). ><
<3,
--
Aeris
Individual crypto-terrorist group self-radicalized on the digital Internet
https://imirhil.fr/
Protect your privacy, encrypt your
* Aeris [2016-08-24 19:25:31 +0200]:
much less an untrusted tor package
For information, the tor binary inside the snap doesn’t match any official
upstream I can find…
SHA1
Snap
ba16ce2958119a238d7931e709f30e932938218f
Xenial (tor_0.2.7.6-1ubuntu1_amd64.deb)
> much less an untrusted tor package
For information, the tor binary inside the snap doesn’t match any official
upstream I can find…
SHA1
Snap
ba16ce2958119a238d7931e709f30e932938218f
Xenial (tor_0.2.7.6-1ubuntu1_amd64.deb)
997b717acaf2077708beba39a05adb30c014dfb2
Debian Jessie
On Wed, Aug 24, 2016 at 05:33:43PM +0200, Jan Vidar Krey wrote:
> On Wed, Aug 24, 2016, at 16:43, Aeris wrote:
> > > 2) security is better
> >
> > Sorry to say that, but : no. It’s very weaker than plain old Debian
> > package.
> >
>
> This is a matter of perspective on the "security"
> This is a matter of perspective on the "security" definition.
Yep of course :P
For desktop-purpose, snap can eventually be interresting. You only put
yourself at risk.
For server-purpose, you also put your users at risk, and in case of Tor, it’s
very safer for them to run Tor with at least
On Wed, Aug 24, 2016, at 16:43, Aeris wrote:
> > 2) security is better
>
> Sorry to say that, but : no. It’s very weaker than plain old Debian
> package.
>
This is a matter of perspective on the "security" definition.
The snaps does run in a separate container group, so it does have
some more
> 2) security is better
Sorry to say that, but : no. It’s very weaker than plain old Debian package.
Currently, your snap embeds :
libevent
openssl
pthreads
libasan2
libubsan
python 2.7
python-torctl
tor-arm
tor
Any
tl;dr: $ sudo apt install snapd; sudo snap install tor-middle-relay
Hi.
Ubuntu has been working on a new kind of software package* that aims for
isolation from the rest of the system, so 1) anyone can create packages for
others without review, 2) security is better, and 3) it can be the
14 matches
Mail list logo