-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Stuart Henderson <st...@openbsd.org> writes: > On 2015/03/15 20:54, Landry Breuil wrote: >> On Sat, Mar 14, 2015 at 11:04:45AM -0600, attila wrote: >> > >> > Stuart Henderson <st...@openbsd.org> writes: >> > >> > > On 2015/03/14 07:25, Jiri B wrote: >> > >> Couldn't this be a flavor of (your cloned) firefox-esr in the beginning? >> > > >> > > That will likely get in the way of people updating firefox-esr.. >> > >> > Perhaps I could truly automate the generation of patches in a way that >> > would simplify this. Of course there can always be some issue that >> > involves manual intervention, like a conflict in a firefox-esr patch >> > with a Tor browser patch. As long as they were detected and flagged >> > by the automation it might not be too onerous. I'm willing to go this >> > way if landry@ agrees, since he's the maintainer. It feels to me like >> > a flavor of firefox-esr is worth pursuing now that I'm thinking about >> > it that way. >> >> Having it as a flavor of firefox-esr will put the burden of ensuring >> that those damn patches still apply at each update on me.. > > +1. This is going to be far worse than the horrible sidebar patch to mutt. > Unless it's kept separate, it *will* get in the way of security fixes to > firefox-esr. Okay, cool. As it turns out I've been working on packaging the other components of the TBB while I waited for feedback on this issue, so no worries: tor-browser will be a separate port more or less how it is now (except with a few issues fixed :-). As far as the Tor people go I would say that not only is TBB a hostile fork of Mozilla, they seem not at all interested in fixing any bugs in the underlying codebase but rather just layering new features and privacy patches on top. Some times their patches are quite intrusive (widening internal APIs, for instance). I don't see how they think this is sustainable at all and I am not a huge fan of HOW they are doing things (obviously). It's just that WHAT they are doing is, for the moment, the best thing going (albeit with a ton of caveats and some salt heaped on top). I want to get to the point where TBB is at least as "good" under OpenBSD as it is under Linux as a first milestone but I'm not at all convinced that this is the best use of my time long-term if I want to promote privacy-enhancing/anonymity-preserving applications on OpenBSD. The Tor browser people seem to be stuck in a Linux echo-chamber and are also a bit too enamoured of crypto, to the exclusion of common sense. My simple request for source tarballs that I could use in a port was somehow silently morphed into a request for SIGNED source tarballs (I did not say this) and then rejected because it would be too much work and is not needed by their gitian-based build infrastructure. Nevermind that pretty much every other open-source project seems to think that plain old source tarballs with checksums is okay. I've run into this kind of attitude before and it is usually a bad sign. If I didn't think Tor was important I would've stopped bothering with this and moved on to something else. Thanks a lot for the feedback. landry@ gave me the necessary clues to push TBB over the finish line, I think. More soon. Pax, -A - -- att...@stalphonsos.com | http://trac.haqistan.net/~attila keyid E6CC1EDB | 4D91 1B98 A210 1D71 2A0E AC29 9677 D0A6 E6CC 1EDB -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVBtXaAAoJEJZ30KbmzB7bRSsP+wWGY8pfxPv6WXoP4JGGYYKr tr2Xv1/L4v/T6TutNElMb1vY6mxUKL5Pbwv5MpzIT24x50vcWdQpkC5k08e03n6r hdLmd3livXtUAMCZ4lJeuAQUlMqCMu75rmYGRftkaQkNKemdUxuzek/Sl2p/V0XQ uGxBOU3OjnUC1ERsbTwSbITbEic7kDu68Rv0M7hXAfCWafGKEIOfqRFjDJS5GfDP Vgfxa973sIv1e0s4IWWV8dhPSj/bWehgj1C93YU5wpdC2Oyl0vnwH5P0mDJbq2Fj 2alqGd6l0eZ2zniIjZ5DdNWyS2aqe0SAAK2lk+Wzr0pDMkZISkhXwAD3KDOlZgG/ jU6r363EB0rDh6wcNnvHrIYkoWIXDZNs1cp/K2VuyOF9ECyu6kxsCLVDeE7lX2/o cbdOSsEorK834hBdAzIz7IfHTpzT3BiAzXpsy49qDtPduj9tthlZw1H1b/Dq7ftt Vku6Tdv5bB8FyPbJni4LTKXbpBUnk0p13k31CWFDPRBbWxZSQKAckdnnt6TuezYi JDkya0DSXs/DPZoHBChsxS0Cw3PmA48nziDsDJoUQ0fzHYBXf4LJHNT5HZR8nf+r 6Fz6QFfKH7JuTMmFGPQsGGrcXWuoWDDfgetPRi0BDEP9Jt02vKg9KJfabXb+FrVR 6B3nG5bnBIInA4kWzYUa =3ToY -----END PGP SIGNATURE-----
