[Pkg-privacy-maintainers] Bug#884043: obfsproxy: Ship an AppArmor profile again

Nicolas Braud-Santoni nicolas at braud-santoni.eu
Mon Dec 11 12:09:52 UTC 2017


On Mon, Dec 11, 2017 at 07:21:50AM +0100, intrigeri wrote:
> Hi,
> I suggest first checking why we're still including obfsproxy:
> I suspect most of the reverse-dependency relationships might be
> obsolete nowadays (the last upstream version was released 3 years ago,
> and AFAIK obfs4proxy is the future).

Thanks, that's a great point:
- tor and ooniprobe suggest obfsproxy, and that should be dropped;
  ooniprobe should suggest obfs4proxy instead.
- fteproxy hard-depends on obfsproxy, but uses it as a library so
  AppArmor confinement doesn't matter there.

> If obfsproxy is still useful in contexts where AppArmor confining
> matters, I'm fine with us including a profile again *if* someone
> commits to maintaining it, which apparently is hard to do properly
> without routinely using it on testing/sid.

Yes, I think I would also be fine marking this as WONTFIX if we can confirm
it is not actually used anymore.

Popcon suggests that 37 Debian installations use obfsproxy regularly, but I'm
not sure whether Tor users tend to enable popcon or not.  Regarding fteproxy,
it was listed at 0 recent uses (and 3 installs in total).


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-privacy-maintainers/attachments/20171211/3691194b/attachment.sig>

More information about the Pkg-privacy-maintainers mailing list