Hi, On 6 Sep 2019, at 20:14, Roman Mamedov <r...@romanrm.net> wrote:
>> Where does the security weakpoint risk come from? Does >> apt-transport-tor/onion service repository availability help in your >> mind here? > > As with adding any third-party repository, it means trusting the repository > provider to install and run any root-privilege code on the machine. In case > the repository server (or actually the release process, including signing) is > compromised, on the next update it can serve malicious or backdoored versions > of the software. So naturally from the security standpoint it is beneficial to > add (and trust) as few repositories as possible, just to reduce the "attack > surface". So one thing Tor could do here is run easily and securely without root? T _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays