#29448: Provide a dir-spec implementation that serves sanitised descriptors ----------------------------------+----------------------------------- Reporter: irl | Owner: sysrqb Type: project | Status: needs_information Priority: Low | Milestone: Component: Obfuscation/BridgeDB | Version: Severity: Normal | Resolution: Keywords: | Actual Points: Parent ID: | Points: Reviewer: | Sponsor: ----------------------------------+----------------------------------- Changes (by karsten):
* status: new => needs_information * priority: Medium => Low Comment: Uhm, wait, we're not violating one of the Tor Metrics principles here. The principle we put up is that we're not going to use unpublished data. And we're not doing that. We're sanitizing the descriptors before publishing them on CollecTor and before processing them in any other of our tools. We're not touching the unsanitized bridge descriptors for anything else. So, the goal here is basically to extract the sanitizing code from CollecTor and put it on the BridgeDB host, probably rewritten in a different language. Right? I can see the benefits you mentioned. I'm all for removing code from our codebase and reducing future maintenance effort! However, I can also see the downsides: code complexity of BridgeDB will suddenly increase, and whoever runs BridgeDB has one more complex thing to take care of. I'd say, given that we're not violating our principles and that we didn't plan for this work as part of our roadmap, we should set priority to low for now. Let's also make sure to coordinate with BridgeDB folks ''before'' somebody starts writing new code. Setting to needs_information for that last part. By the way, regardless of this specific situation, this is an interesting discussion for newly added data in general: where do we sanitize data that is too sensitive to be published as is, and who gets to keep that code? Let's discuss that more on #29315. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29448#comment:1> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs