[Pkg-privacy-maintainers] Request for review for patch in torsocks

[Hefee]

Hey,

> > But as the patch disables a "safety" check.
> 
> Given how bad the statu quo is wrt. multi-arch in torsocks,
> so close to the Trixie freeze my main question is:
 >
>   Does this change impact the safety of single-architecture usage?

IMO it does not affect single-architecture usage, as this simple test checks if 
libtorsocks.so exists. On Debian we have apt that already makes sure that  
that you have libtorsocks installed, when installing torsocks.
So this "safety" check would always pass, except you somehow delete the 
libtorsocks without apt noticing. 

> (Rationale: I don't think multi-arch support *for torsocks* is an
> important enough feature to warrant any safety decrease in the main
> use case for this tool. If we can't do this safely I'd rather see
> torsocks detect attempts to use it under multi-arch and abort early.)
> 
> Regarding the code review itself: I don't feel competent; I suggest
> asking upstream's thoughts (which IMO is generally a good idea when
> disabling their safety checks).

The current state of multi-arch is not bad simply not that easy to use, like 
it could be.
I splitted torsocks and libtorsocks already. This makes it possible for users 
to install the different needed libtorsocks arch packages. It is simply not 
that easy to use torsocks in an multiarch environment, as you need to run 
/usr/bin/<tripplet>-torsocks, if they want to use torsocks for another arch.

> I don't feel competent; I suggest asking upstream's thoughts (which IMO is 
generally a good idea when disabling their safety checks).

sent a mail to tor-dev.

Regards,

hefee
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://alioth-lists.debian.net/pipermail/pkg-privacy-maintainers/attachments/20250310/f10d2433/attachment.sig>