[Popcon-developers] Bug#773663: Bug#773663: popularity-contest: Patch to enable Tor support
Federico Ceratto
federico.ceratto at gmail.com
Thu Apr 30 16:36:43 UTC 2015
On Mon, Apr 27, 2015 at 1:18 PM, Bill Allombert <ballombe at debian.org> wrote:
> Would you mind writing a popcon FAQ entry <http://popcon.debian.org/FAQ>
> to document this ?
Sure (I'll be in VAC for 6 weeks tho)
> 1) USETOR should use the same convention as ENCRYPT: yes/maybe/no instead of
> always/auto/no
I see "maybe" as confusing to the user, and being explicit is better,
especially when it
comes to security. I would rather suggest avoiding "automatic"
behavior where possible.
> 2) It is a bit awkward that USETOR depends on USEHTTP. It would seems more
> orthogonal if USETOR was an alternative transport or applied to all other
> transports, or an option for USEHTTP (e.g. USEHTTP=tor).
We are really using HTTP and Tor together in this use case. In future we might
have other secure transports, e.g. USETOR + USEHTTPS.
I would recommend against enabling Tor (using exit nodes!) with every protocol
because some might be quite insecure (e.g. with cleartext SMTP)
> Imagine a large red swirl here.
*imagining*
--
Federico
More information about the Popcon-developers
mailing list