Re: polipo-tor deb/ubuntu native package

2011-01-17 Thread travis+ml-tor-talk
On Thu, Jan 13, 2011 at 12:03:58AM -0500, and...@torproject.org wrote:
> On Fri, Jan 07, 2011 at 03:21:22PM -0800,
> travis+ml-tor-t...@subspacefield.org wrote 15K bytes in 259 lines about:
> There has been much discussion over a combined tor and polipo package,
> as well as a vidalia-tor-polipo package for deb-based systems.

Well, I just saw the vidalia ubuntu packages lately, and I think I'll
make it a recommended package for my polipo-tor package, since vidalia
doesn't seem apropos for headless servers, for example (I could be
wrong; only installed it recently).

> The core issue is that packages should not overwrite other packages
> config files.

I don't; I just installed to parallel files such as /etc/polipo-tor.

In other words, it installs polipo, tor, and a bunch of other
dependencies, and then installs a parallel set of config files,
/var/run pid files, and log files so that it doesn't interfere with
the installed polipo.  It also runs on a different port (8118 instead
of polipo's default of 8123).

To make it ridiculously easy for people, I created my own repo here:

http://www.subspacefield.org/packages/ubuntu/

Just follow the instructions, sudo aptitude install polipo-tor,
install torbutton (or whatever), and go.  Should take all of one
minute to get up and running.

> We've generally assumed (wrongly) that linux users
> understand their system and can handle manual configuration of a few
> packages, such as tor, polipo, and vidalia.  The general answer for
> users who just want a tor client is to use the tor browser bundle.

I understand; I'm old school, I used to track all third-party sources
via CVS, but it just doesn't scale very well.  Nowadays if it's not in
a repo, it doesn't exist for most people - it's beyond their
level of interest.  I understand both points of view.

> The real answer is to fix firefox so it doesn't need a proxy between it
> and Tor.  We patch firefox to do just this in the osx and linux tor
> browser bundles.  Polipo was a fine kludge until either we started
> patching firefox or mozilla fixed their many-years-old socks bug.

Hmm, I had no idea this was even available for Linux.

It looks like a tarball - it's unclear how this will interact with a
package manager, which likes to know which packages installed which
files, and updates them automatically, etc.

> The great thing about free software is that you're welcome to do just
> what you're doing.  You don't like the situation, so you solve it.
> Great.

Thanks. ;-)  I believe in do-ocracy.

So, now I've brought the level of effort down to one minute or less,
and the level of thought down to something you can do while drunk and
sleep-deprived, since there's no decisions required.

So how do I make people aware of the option?
-- 
Effing the ineffable since 1997. | http://www.subspacefield.org/~travis/
My emails do not usually have attachments; it's a digital signature
that your mail program doesn't understand.
If you are a spammer, please email j...@subspacefield.org to get blacklisted.




Re: polipo-tor deb/ubuntu native package

2011-01-17 Thread intrigeri
Hi,

travis+ml-tor-t...@subspacefield.org wrote (17 Jan 2011 20:21:56 GMT) :
> So, now I've brought the level of effort down to one minute or less,
> and the level of thought down to something you can do while drunk
> and sleep-deprived, since there's no decisions required.

Thank you. This is much appreciated.

> So how do I make people aware of the option?

In my humble opinion your package shall be pushed to Debian and Ubuntu
(or at least to deb.torproject.org) before user awareness is the top
priority. Rationale: I'm not a fan of recommending users to install
.deb from any random online repository (no offense intended); trusting
a given APT source almost equals trusting this repository's admins and
package maintainers to be root on your system.

I don't think pushing this package to Debian and Ubuntu is that hard
and I suggest the following process:

0. If not done yet, compare the default polipo configuration you are
   shipping with the Tor Browser Bundle's and T(A)ILS' ones, just to
   make sure no privacy/anonymity-related option was missed.
1. Make sure your package is in good enough shape so that it can be
   included in Debian (= Debian users can use it as well, and Ubuntu
   will fetch it from there in a few months). I mean checking the
   Debian Policy compliance, making sure it is Lintian-clean, etc.
2. Fill a Request For Package (RFP) bug in the Debian BTS [0] so that
   any Tor-friendly Debian developer is aware of your work and can
   decide to upload your package into Debian.
3. Mention the RFP bug on the Debian bug that tracks the polipo vs.
   torbutton port mismatch [1], and reciprocally.
4. Wait for the package to be uploaded into Debian.
5. Wait for the package to be fetched from Debian by Ubuntu.

Note that one does not need to be an official Debian developer to
maintain packages in Debian. Such a formal status is only needed to
upload, so you can go on maintaining this package and work hand in
hand with a Debian developer that will advise you if needed, check
your packages and push it to the Debian archive (... = Ubuntu
archive).

[0] http://www.debian.org/devel/wnpp/
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606916

Bye,
--
  intrigeri intrig...@boum.org
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
  | Every now and then I get a little bit restless
  | and I dream of something wild.
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
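
Step 0 of the process above (comparing the shipped polipo configuration against a reference one), as an added example that is not part of the original thread or of the polipo-tor package. Both configs are constructed samples, not the real Tor Browser Bundle or Tails files, and the function names are hypothetical.

```python
import re

# Constructed samples: NOT the real Tor Browser Bundle, Tails or polipo-tor files.
REFERENCE_CONF = '''
socksParentProxy = "localhost:9050"
diskCacheRoot = ""
disableVia = true
censoredHeaders = from, accept-language, x-pad, link
censorReferer = maybe
disableLocalInterface = true
'''
PACKAGED_CONF = '''
# hypothetical packaged config
socksParentProxy = localhost:9050
disableVia = false
censoredHeaders = from,accept-language
'''

# "name = value"; blank lines and full-line "#" comments do not match.
ASSIGNMENT = re.compile(r'^\s*([A-Za-z][A-Za-z0-9]*)\s*=\s*(.*?)\s*$')

def normalise(name, value):
    """Strip quotes; treat censoredHeaders as a case-insensitive set."""
    value = value.strip('"')
    if name == "censoredHeaders":
        return frozenset(h.strip().lower() for h in value.split(",") if h.strip())
    return value.lower()

def parse_polipo(text):
    """Return {option: normalised value}; a later assignment overrides an earlier one."""
    options = {}
    for line in text.splitlines():
        match = ASSIGNMENT.match(line)
        if match:
            options[match.group(1)] = normalise(*match.groups())
    return options

def compare(reference, packaged):
    """List (option, problem) for reference options the packaged config lacks or weakens."""
    ref, pkg = parse_polipo(reference), parse_polipo(packaged)
    findings = []
    for name in sorted(ref):
        if name not in pkg:
            findings.append((name, "missing"))
        elif name == "censoredHeaders" and ref[name] - pkg[name]:
            findings.append((name, "censors fewer headers"))
        elif name != "censoredHeaders" and ref[name] != pkg[name]:
            findings.append((name, "differs"))
    return findings
```

Calling `compare(REFERENCE_CONF, PACKAGED_CONF)` returns the options to review by hand; an option the packaged file omits falls back to polipo's built-in default, which is why it is reported rather than ignored.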


Re: polipo-tor deb/ubuntu native package

2011-01-17 Thread travis+ml-tor-talk
On Mon, Jan 17, 2011 at 10:42:18PM +0100, intrigeri wrote:
> > So how do I make people aware of the option?
>
> In my humble opinion your package shall be pushed to Debian and Ubuntu
> (or at least to deb.torproject.org) before user awareness is the top
> priority. Rationale: I'm not a fan of recommending users to install
> .deb from any random online repository (no offense intended); trusting
> a given APT source almost equals trusting this repository's admins and
> package maintainers to be root on your system.

Makes sense.

I'd like to get it in the torproject.org repo, but I'm not sure how.

Per Andrew's suggestion, I opened a trac.torproject.org ticket to
ask for someone to help me get it in there.

I am unsure of whether it should be in the debian repo, since the
dependencies aren't even in there yet.  However, I could try and
see what they think.

> I don't think pushing this package to Debian and Ubuntu is that hard
> and I suggest the following process:
>
> 0. If not done yet, compare the default polipo configuration you are
>    shipping with the Tor Browser Bundle's and T(A)ILS' ones, just to
>    make sure no privacy/anonymity-related option was missed.

Good point, will do.

> 1. Make sure your package is in good enough shape so that it can be
>    included in Debian (= Debian users can use it as well, and Ubuntu
>    will fetch it from there in a few months). I mean checking the
>    Debian Policy compliance, making sure it is Lintian-clean, etc.

I uploaded it to debian-mentors and it checks out fine now (as of
version 1.4)

> 2. Fill a Request For Package (RFP) bug in the Debian BTS [0] so that
>    any Tor-friendly Debian developer is aware of your work and can
>    decide to upload your package into Debian.

Is this related, parallel, a superset or a subset of the
debian-mentors RFS process?  I could go through that, but haven't
flagged this package as needing sponsorship yet since the tor
packages themselves aren't in the debian repo.

-- 
Effing the ineffable since 1997. | http://www.subspacefield.org/~travis/
My emails do not usually have attachments; it's a digital signature
that your mail program doesn't understand.
If you are a spammer, please email j...@subspacefield.org to get blacklisted.




Re: polipo-tor deb/ubuntu native package

2011-01-17 Thread Andrew Lewman
On Mon, 17 Jan 2011 12:21:56 -0800
travis+ml-tor-t...@subspacefield.org wrote:
> > The real answer is to fix firefox so it doesn't need a proxy
> > between it and Tor.  We patch firefox to do just this in the osx
> > and linux tor browser bundles.  Polipo was a fine kludge until
> > either we started patching firefox or mozilla fixed their
> > many-years-old socks bug.
>
> Hmm, I had no idea this was even available for Linux.
>
> It looks like a tarball - it's unclear how this will interact with a
> package manager, which likes to know which packages installed which
> files, and updates them automatically, etc.

Tor Browser Bundle isn't something to install, you extract and run.
I've seen a few linux users just double click the tar.gz file and run
from inside their archive extractor.

-- 
Andrew
pgp 0x74ED336B


Re: polipo-tor deb/ubuntu native package

2011-01-17 Thread intrigeri
Hi,

travis+ml-tor-t...@subspacefield.org wrote (17 Jan 2011 23:55:16 GMT) :

> I am unsure of whether it should be in the debian repo, since the
> dependencies aren't even in there yet.

What are the missing dependencies? (I have not had a single look at
your package yet, sorry.)

> However, I could try and see what they think.

From my (limited) experience, this is not a process that works very
well inside the Debian community. Things are changing though, but the
process is slow. What works better, as far as I know, is preparing
things really well before submission so that your proposal cannot be
rejected for obvious minor reasons: the first impression it makes is
pretty important.

> I uploaded it to debian-mentors and it checks out fine now (as of
> version 1.4)

Congrats :)

> > 2. Fill a Request For Package (RFP) bug in the Debian BTS [0] so that
> >    any Tor-friendly Debian developer is aware of your work and can
> >    decide to upload your package into Debian.

> Is this related, parallel, a superset or a subset of the
> debian-mentors RFS process?

I don't know the Debian Mentors process at all, sorry.

> I could go through that, but haven't flagged this package as needing
> sponsorship yet since the tor packages themselves aren't in the
> debian repo.

You might be confusing Debian and Ubuntu on this matter as Tor has
been part of Debian for years:

  - http://packages.debian.org/changelogs/pool/main/t/tor/current/changelog
  - http://snapshot.debian.org/package/tor/

Moreover the Tor package will closely follow upstream releases during
the Debian Squeeze lifecycle, thanks to the Debian Volatile archive.

Bye,
--
  intrigeri intrig...@boum.org
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
  | We're dreaming of something else.
  | Something more clandestine, something happier.


polipo-tor deb/ubuntu native package

2011-01-07 Thread travis+ml-tor-talk
Attached.

I'm gonna make this available on a personal repo in the near future
(this weekend or next)... the tools are kinda wonky.

All architectures - no binaries - has a proper list of dependencies I
think, though I should add vidalia and make some of them optional
probably.

I've advertised this a few times, to virtually no response.  The
tor-assistants mlist has been confused, with people telling me they
weren't sure what their ubuntu strategy was, whether they even wanted
debian packages, etc.

I haven't, for the life of me, been able to even figure out who to
talk to.  I've posted emails perhaps 3 times, with virtually no
feedback.  Nobody's apparently doing anything.  I don't blame them,
because the debian packaging tools and docs are complicated and
annoying.

So, I'm just publishing this myself.

If you apt-get this from a repo, it'll install every package you
need, IIUC.

Then install torbutton, one click and you're on tor.
-- 
Good code works on most inputs; correct code works on all inputs.
My emails do not have attachments; it's a digital signature that your mail
program doesn't understand. | http://www.subspacefield.org/~travis/ 
If you are a spammer, please email j...@subspacefield.org to get blacklisted.


polipo-tor_1.3_all.deb
Description: application/debian-package

