473052 – net-misc/torbundle - Tor Browser Bundle

Bug 473052 - net-misc/torbundle - Tor Browser Bundle

Summary: net-misc/torbundle - Tor Browser Bundle

Status:	UNCONFIRMED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	New packages (show other bugs)
Hardware:	All Linux

Importance:	Normal enhancement with 2 votes (vote)
Assignee:	Default Assignee for New Packages

URL:	https://www.torproject.org/download/d...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2013-06-12 02:07 UTC by anonymous
Modified:	2020-04-24 18:02 UTC (History)
CC List:	7 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description anonymous 2013-06-12 02:07:39 UTC

Please add ebuild for torbundle into main tree or add optional tor patches to Mozilla Firefox as USE-flag. 

Reproducible: Always

Comment 1 poncho 2014-05-03 19:46:22 UTC

I wrote ebuilds for the torbrowser-launcher and torbrowser

They are abvailable in my overlay at https://github.com/MeisterP/torbrowser-overlay

Comment 2 Julian Ospald 2014-05-03 20:19:53 UTC

we had torbrowser once in the tree and it was abandoned since people were yelling about how it is not safe to use customly compiled browsers with tor (although there is zero proof of that, it's just guesswork)

so that is probably not going to happen again

Comment 3 A. Person 2014-07-30 12:39:50 UTC

Removing it from the tree seems like a strange solution.  How about an ewarn instead?

Comment 4 poncho 2014-07-30 21:29:24 UTC

You can just add the overlay: layman -a torbrowser

Comment 5 Sam James archtester

2020-04-24 01:09:39 UTC

(In reply to poncho from comment #4)
> You can just add the overlay: layman -a torbrowser

This really is not advisable. It is better to use it from the official Tor site than an arbitrary overlay.

Comment 6 poncho 2020-04-24 06:01:05 UTC

(In reply to Sam James (sec padawan) from comment #5)
> This really is not advisable. It is better to use it from the official Tor
> site than an arbitrary overlay.


Julian (who was a gentoo developer back then) and I were the torbrowser maintainers when it was a package in the gentoo tree. We then moved our efforts to the mentioned overlay.
(see also https://github.com/MeisterP/torbrowser-overlay/issues/21)

I think calling it "arbitrary" is a bit unfair.

If you have some actual security issue, please open a bug at https://github.com/MeisterP/torbrowser-overlay/issues

Comment 7 Sam James archtester

2020-04-24 14:05:01 UTC

(In reply to poncho from comment #6)
> (In reply to Sam James (sec padawan) from comment #5)
> > This really is not advisable. It is better to use it from the official Tor
> > site than an arbitrary overlay.
> 
> 
> Julian (who was a gentoo developer back then) and I were the torbrowser
> maintainers when it was a package in the gentoo tree. We then moved our
> efforts to the mentioned overlay.
> (see also https://github.com/MeisterP/torbrowser-overlay/issues/21)
> 
> I think calling it "arbitrary" is a bit unfair.
> 
> If you have some actual security issue, please open a bug at
> https://github.com/MeisterP/torbrowser-overlay/issues

It was not intended as an insult. I just saw someone advocating for an overlay for a secure tool, and was being cautious.

I went to the overlay page and was glad to see it contained health warnings, but it is not in the tree, and I would repeat the same warning for any overlay.

I don't actually see why custom compiling it is problematic. The issue is using Tor with a non-patched browser and so on. People can handwave about anything, but...

Comment 8 poncho 2020-04-24 18:02:08 UTC

(In reply to Sam James (sec padawan) from comment #7)
> It was not intended as an insult. I just saw someone advocating for an
> overlay for a secure tool, and was being cautious.

Fair enough, thanks for clarifying :)
I totally agree. Generally good advice to be cautious indeed.