Project

General

Profile

Packaging request #874

[tor-browser] add package for PCR

totalchaos - over 4 years ago - . Updated 4 months ago.

Status:
open
Priority:
wish
Assignee:
-
% Done:

0%


Description

Tor Browser Bundle: Anonymous browsing using Firefox and Tor
I guess it will be a crucial part of Parabola's nonprism suite, thus making Parabola the logical choice for users, that value their privacy.
https://www.torproject.org/projects/torbrowser.html.en

History

#1

Updated by GNUtoo over 4 years ago

There are several issues to handle here:
  • Is tor-browser suggesting non-free software with "get add-ons"?
    • The tor-browser and Tor project suggest not to install any add-ons (reference needed), this is to prevent the user's browser from looking different and unique
    • We should probably try to disable that feature instead. But we should be very careful at not changing how the modified tor-browser looks on the internet, else it becomes dangerous and useless (you will be uniquely identified). We probably need to check that with tor-browser developers, and make them review the change.
  • Since there is this add-on issue, we can't use stock tor-browser for now, which is really problematic, we loose:
    • Reproducible builds
    • The possibility not to make a tor-browser-libre package but instead a tor-browser installer. This would have been desirable because it has a nice auto-update feature. You also would get a reproducible build.
#2

Updated by pizzaiolo over 4 years ago

I think your first point could be suggested upstream at the Tor Project, that would be a very good idea.

#3

Updated by Anonymous about 4 years ago

  • Subject changed from tor-browser to [tor-browser] add package for PCR
#4

Updated by GNUtoo over 3 years ago

I've made some research but forgot to report back:
The add-on page can be changed in about:config.

However extra care must be taken not to make a tor-browser-libre distinguishable from the tor-browser.
Some information about plugins updates can be found in the following (fixed) security bug: http://seclists.org/dailydave/2016/q3/51

#5

Updated by GNUtoo almost 2 years ago

See also the same bug for another FSDG compliant distribution: https://tracker.pureos.net/T343

#6

Updated by ovruni over 1 year ago

  • Priority changed from bug to wish
#7

Updated by GNUtoo 4 months ago

Here are some pointers to the status of this issue:
  • The following wiki page has information on the status of the tor-browser port to other architectures (arm and ppc64le)
  • The following bug report has information on getting rid of the add-on repository.

Thanks to Jeremy Rand for working on both.

#8

Updated by bill-auger 4 months ago

the auto-update feature makes this program not well fit for any distro - every program that i know of, which has such a feature, has it disabled in parabola builds

there is hardly any reason to package any program with with an auto-update feature - anyone who installs the package would only be using the packaged build until the next auto-update (like maybe the very next day in this case); and then will be using the upstream binary from then on - one really may just as well get the upstream binary in the first place, saving us the trouble of maintaining yet another mozilla beast

Also available in: Atom PDF