Delivery-Date: Wed, 08 Jun 2016 08:14:16 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,FREEMAIL_FROM,
	RCVD_IN_DNSWL_MED,T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [138.201.14.202])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 583881E0419;
	Wed,  8 Jun 2016 08:14:14 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 99502E0FA9;
	Wed,  8 Jun 2016 12:13:55 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 4827DE0C5C
 for <tor-talk@lists.torproject.org>; Wed,  8 Jun 2016 12:13:51 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 41odOxEcsTUy for <tor-talk@lists.torproject.org>;
 Wed,  8 Jun 2016 12:13:51 +0000 (UTC)
Received: from continuum.iocl.org (continuum.iocl.org [217.140.74.2])
 by eugeni.torproject.org (Postfix) with ESMTP id C6D16E0A4C
 for <tor-talk@lists.torproject.org>; Wed,  8 Jun 2016 12:13:50 +0000 (UTC)
Received: (from krey@localhost)
 by continuum.iocl.org (8.11.3/8.9.3) id u58CDlp05319;
 Wed, 8 Jun 2016 14:13:47 +0200
Date: Wed, 8 Jun 2016 14:13:47 +0200
From: Andreas Krey <a.krey@gmx.de>
To: tor-talk@lists.torproject.org
Message-ID: <20160608121347.GC8115@inner.h.apk.li>
References: <bfd85298d1c9a42cc9f3945c11a7679f@cock.lu>
 <132a0399ed4081a3f70d6027ca3e97cc@riseup.net>
 <9fc6224a-fd13-5887-62b5-7bb7fafe6787@cajuntechie.org>
 <7d0669b87c4e9888ee1672080c33a5c0@riseup.net>
 <20160608060310.GB22075@lo.psyced.org>
 <48b531c4527f9bcd82ef0be480153f32@cannon-ciota.info>
Mime-Version: 1.0
Content-Disposition: inline
In-Reply-To: <48b531c4527f9bcd82ef0be480153f32@cannon-ciota.info>
User-Agent: Mutt/1.4.2.1i
X-message-flag: What did you expect to see here?
Subject: Re: [tor-talk] RIP Tor
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On Wed, 08 Jun 2016 11:41:14 +0000, CANNON NATHANIEL CIOTA wrote:
....
> Open source and compiling from source is best option. Hopefully there 
> are enough programmers that are able to interpret the source code 
> examining it. Although the source code may be good, most users do not 
> compile from source. Most users install pre-compiled binaries. If I was 
> an adversary I would have the source code clean and have a backdoor in 
> the pre-compiled binaries knowing most people do not compile from 
> source.

That's why tor is doing reproducible builds.

> Most people is all it takes for a sybil position in the network. 
> To mitigate such a thing, one good solution would be to replace 'apt-get 
> install tor'

I'd tend to trust debian to do their thing right, at least as much
as I trust my own verification of what I downloaded to build tor.

> with instructions of how to download, verify integrity, and 
> compile from source; in guides aimed at aspiring Tor node operators and 
> advanced users.

Data point: https://github.com/apk/buildery/blob/master/tor-build/build.sh
This is with building openssl, and has issues that the LD_LIBRARY_PATH
needs to be correct when starting it. Should perhaps throw a -Bstatic
in there.

Andreas

-- 
"Totally trivial. Famous last words."
From: Linus Torvalds <torvalds@*.org>
Date: Fri, 22 Jan 2010 07:29:21 -0800
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

