#27539: Create plan for releasing on F-Droid -------------------------------------------------+------------------------- Reporter: sysrqb | Owner: tbb- | team Type: enhancement | Status: new Priority: Medium | Milestone: Component: Applications/Tor Browser | Version: Severity: Normal | Resolution: Keywords: tbb-mobile, TorBrowserTeam201902, | Actual Points: TBA-8.5 | Parent ID: #26318 | Points: Reviewer: | Sponsor: | Sponsor8 -------------------------------------------------+-------------------------
Comment (by gk): sysrqb: Could we try to map out the pros and cons for having Tor Browser built and distributed via the official F-Droid repo vs. making it available via our own one? So, assuming we are going the official F-Droid repo route and are getting a build script ready that is essentially doing the tor-browser-build on F-Droid's infra, how would we make sure that we are actually releasing what we got with our own builds? I mean without verification before we go live reproducible builds are just a promise. :) eighthave: are there ways to incorporate that verification step in the whole build process? Do we add additional attack surface by relying on F-Droid infra vs. setting up our own (and if so, is that worth the benefit)? -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27539#comment:9> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs