#32550: Static tor in docker container
---------------------------------------------------------------------------
Reporter:       thymbahutymba
Owner:          phw
Type:           enhancement
Status:         assigned
Priority:       Medium
Milestone:
Component:      Circumvention/Obfs4
Version:
Severity:       Normal
Resolution:
Keywords:       docker, s30-o24a2, anti-censorship-roadmap-2020Q1
Actual Points:
Parent ID:      #31281
Points:         2
Reviewer:
Sponsor:        Sponsor30-can
---------------------------------------------------------------------------

Comment (by thymbahutymba):

> Another reservation I have is that this approach requires us to keep
> track of the latest versions of dependencies and their security
> vulnerabilities, which takes time and effort. Every time we're creating a
> new docker image, we need to figure out what the latest version of
> OpenSSL etc. is. A Debian package however takes care of this for us.

I don't know the smart reply for such a problem. However, I think that here
the point is that you are putting your trust in the Debian packager, but a
different approach can be the rolling-release one. In this case we can update
the tor-static docker version every time with the latest release of each
library, having somehow the benefit of doubt about vulnerabilities. Whether
they are present, after the discovery, a new version should be available and
updating it should solve such a problem.

Hoping I've clarified my point of view, even if I'm not a hundred percent
sure about it.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32550#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online