[Pkg-privacy-maintainers] The future of torbrowser-launcher (and similar) in Debian

intrigeri intrigeri at debian.org
Mon Jun 5 09:21:54 UTC 2017 

Hi all!

An ongoing discussion on the Tor Browser developers mailing list will
be interesting to some of you. It's about architectural matters around
sandboxing Tor Browser, which inevitably raises questions that are
very much about torbrowser-launcher, such as the initial installation,
upgrades, and what sandboxing technology is safest and works on
various platforms (e.g. currently TBL only does AppArmor, which is
1. a bit too limited for the case at hand except on Ubuntu and
OpenSUSE; 2. not readily available on all Linux platforms Tor Browser
should support well; not even mentioning non-Linux platforms).

My executive summary of the current state of the discussion is that at
some point:

1. What Tor Launcher (not TBL!) currently does as a Firefox add-on,
   i.e. providing a GUI to configure and start little-t-tor, will be
   moved to an external meta-process.

2. Said external meta-process will also handle the initial download,
   further upgrades, and sandboxing of Tor Browser.

3. Said external meta-process will be supported by upstream Tor
   Browser people as a first-class citizen.

Once this is done, I think that we should package the meta-process in
Debian, that will supersede TBL entirely. Interestingly, that thing
already exists (except #3 is not *that* clear currently): it's called
sandboxed-tor-browser. But the future of the current implementation is
unclear so far, so I say let's wait a bit for the dust to settle and
a better supported solution exists before we add stuff to the archive…
and to our maintenance plate!

Ulrike, and anyone else particularly interested in TBL and/or
applications sandboxing, let me know if you're going to read (and
follow) that thread yourself, or if you'd rather see me keep
summarizing here what's happening there.

The thread starts in May there:
https://lists.torproject.org/pipermail/tbb-dev/2017-May/000548.html
… and goes on in June:
https://lists.torproject.org/pipermail/tbb-dev/2017-June/000570.html

Take care,
cheers,
-- 
intrigeri

More information about the Pkg-privacy-maintainers mailing list