-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi,
I hope this is the right place to ask questions from a Tor centric linux distribution packager perspective. Asking as a maintainer of Whonix. Next version of Whonix will be based on Debian testing (jessie). [Pretty much ready for release. This is one of the last questions to be sorted out.] Torproject's jessie [1] repository still contains Tor 0.2.3.25-1, while experimental-wheezy [2] already contains Tor 0.2.4.17-rc-1. Due to the botnet issue, 0.2.4 provides a much better user experience than 0.2.3. Now I am wondering which apt repository should be enabled by default in next Whonix version. I could temporarily add experimental-jessie during the build process and after installing Tor, reset it to jessie. That doesn't seem like a good idea, because when experimental-jessie gets a security update, chances are bad, that this security update also comes through the jessie repository. As long as the Tor version in the jessi repository wouldn't be higher than the installed on. Tails will use 0.2.4 and I have no objections against 0.2.4 in its current state either. But Whonix can't be compared with Tails in that way. Tails is a Live DVD and has a planed and working release cycle, while Whonix is conceptually an installed operating system and releases are less frequent, Whonix can be updated using apt-get [and time is rare, and no else willing to regularly create builds]. So when next Whonix version comes with the experimental-jessie repository enabled by default, it would later be difficult to downgrade that version to the jessie repository. Another option I would like to avoid is uploading Tor to Whonix's own apt repository. I am hesitant doing this, because Whonix doesn't have any packages containing binary code yet [they are fetched from Debian] and, because that could look fishy and because it add maintenance burden, since I would have to keep up with torproject's releases. None of these options looks good. Any recommendations? Cheers, adrelanos [1] http://deb.torproject.org/torproject.org/dists/jessie/main/binary-i386/Packages [2] http://deb.torproject.org/torproject.org/dists/experimental-jessie/main/binary-i386/Package -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJSL8D7AAoJEJwTGtNxOq7vrwwP/jnyFkeFk+CIkLupWfNgf16z xLFpsbcs1PeF+m70aKtmK3CgAQcotX+cmMWUFkmZEE8PAPPt8zQCRZEqs4V2KELR oJ7tbmzWxnX+/6sxOrHUnZGu01dpHI19vlhf1PUZMkpGjRqbSNVLgdQcyZ3tsV1W lvJFCeUxJe7MojcR9nWQJT+Y0ppF1WwdWe9OLLpflxIzuvQb/bZCjmB4GqAMdS/b vxxWX1WBv443vzOftFL1w8IB3wyUxE9sZocpsdzUsW16pN0yxZcwpTwK3v+aBvZO oyU3qyefIgPyQtebHPJha/nHrczsw6sbDD3v9AJ8SPUJNjlRuRrxO3lKQjlC43EK F7Ou5CCIRtwUKP49n6ApI1y4bWfa7aapR8kSlmjcSpHK+ksBry5Kttlz3UuRu7GV oEDyTO4k8jTTA6A2/1/mULPACDIeS0fKj5sprEu2h46NzH8GXEfH5MAYYxBepKI4 1e2sO5I/QaiQUvov3E94Eb33t3oStvmjqwEAsI/hqR58qn64m/Z3S8K7vCrzIFir tibPRoBqlGw7j5XJKbcx38AxnYqfjw/dyn2HVMV2Ui8MvR2No4tdIpheqnV/m+9i vOYO6aFfZDgNrzMFAFlOHyl+F/OXDrOYVhyc1PoQJS0P4eekPdqUDtnY1eWlibGf n8BetkCH2F2wA8tMF1xo =nOUu -----END PGP SIGNATURE----- -- tor-talk mailing list - [email protected] To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
