On Mon, Apr 27, 2015 at 1:18 PM, Bill Allombert <ballo...@debian.org> wrote: > Would you mind writing a popcon FAQ entry <http://popcon.debian.org/FAQ> > to document this ?
Sure (I'll be in VAC for 6 weeks tho) > 1) USETOR should use the same convention as ENCRYPT: yes/maybe/no instead of > always/auto/no I see "maybe" as confusing to the user, and being explicit is better, especially when it comes to security. I would rather suggest avoiding "automatic" behavior where possible. > 2) It is a bit awkward that USETOR depends on USEHTTP. It would seems more > orthogonal if USETOR was an alternative transport or applied to all other > transports, or an option for USEHTTP (e.g. USEHTTP=tor). We are really using HTTP and Tor together in this use case. In future we might have other secure transports, e.g. USETOR + USEHTTPS. I would recommend against enabling Tor (using exit nodes!) with every protocol because some might be quite insecure (e.g. with cleartext SMTP) > Imagine a large red swirl here. *imagining* -- Federico -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org