Please add ebuild for torbundle into main tree or add optional tor patches to Mozilla Firefox as USE-flag. Reproducible: Always
I wrote ebuilds for the torbrowser-launcher and torbrowser They are abvailable in my overlay at https://github.com/MeisterP/torbrowser-overlay
we had torbrowser once in the tree and it was abandoned since people were yelling about how it is not safe to use customly compiled browsers with tor (although there is zero proof of that, it's just guesswork) so that is probably not going to happen again
Removing it from the tree seems like a strange solution. How about an ewarn instead?
You can just add the overlay: layman -a torbrowser
(In reply to poncho from comment #4) > You can just add the overlay: layman -a torbrowser This really is not advisable. It is better to use it from the official Tor site than an arbitrary overlay.
(In reply to Sam James (sec padawan) from comment #5) > This really is not advisable. It is better to use it from the official Tor > site than an arbitrary overlay. Julian (who was a gentoo developer back then) and I were the torbrowser maintainers when it was a package in the gentoo tree. We then moved our efforts to the mentioned overlay. (see also https://github.com/MeisterP/torbrowser-overlay/issues/21) I think calling it "arbitrary" is a bit unfair. If you have some actual security issue, please open a bug at https://github.com/MeisterP/torbrowser-overlay/issues
(In reply to poncho from comment #6) > (In reply to Sam James (sec padawan) from comment #5) > > This really is not advisable. It is better to use it from the official Tor > > site than an arbitrary overlay. > > > Julian (who was a gentoo developer back then) and I were the torbrowser > maintainers when it was a package in the gentoo tree. We then moved our > efforts to the mentioned overlay. > (see also https://github.com/MeisterP/torbrowser-overlay/issues/21) > > I think calling it "arbitrary" is a bit unfair. > > If you have some actual security issue, please open a bug at > https://github.com/MeisterP/torbrowser-overlay/issues It was not intended as an insult. I just saw someone advocating for an overlay for a secure tool, and was being cautious. I went to the overlay page and was glad to see it contained health warnings, but it is not in the tree, and I would repeat the same warning for any overlay. I don't actually see why custom compiling it is problematic. The issue is using Tor with a non-patched browser and so on. People can handwave about anything, but...
(In reply to Sam James (sec padawan) from comment #7) > It was not intended as an insult. I just saw someone advocating for an > overlay for a secure tool, and was being cautious. Fair enough, thanks for clarifying :) I totally agree. Generally good advice to be cautious indeed.