-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 16/06/16 23:08, nusenu wrote:
(forwarding a question from tor-dev since here are probably more ops that might want to answer the question bellow) https://lists.torproject.org/pipermail/tor-dev/2016-June/011073.html
Dear tor-relay operators,
are you using torproject's RPMs (instead of those provided by your distro maintainer)?
If so:
Nick Mathewson asked:
People who download our RPMs: in what way are they beneficial?
Because my OS vendor has no Tor packages.
If they did, I'd be on a stable release cadence from the OS, with automatic updates.
I don't care about being on the bleeding edge until the bleeding edge fixes the broken ipv6-implementation. Until then, I can be a few versions behind without mental stress.
As a rule, I refuse to install software manually, as I don't want the maintenance burden of following more -announce lists and recompiling from source every time.
If there's no repository, and it isn't packaged upstream, it's a economical tradeoff.
My time to build and maintain software packages, tracking every release and spending the time making sure it works, vs. the value of the project.
Tor brings no value to me as someone who's hosting an exit relay, so that equation would end with "don't run a relay, it's not worth it".
If there was a system package as well as an tor upstream package, I'd generally prefer the system package. They have a proven track record for handling updates smoothly, making sure signing and QA happens on packages.
Vendor repositories are generally of worse quality, runs arbitary commands as root on my machines, and may or may not inflict other harm on my system.
Even if I run tor, I don't want to give tor devs persistent root access to my computers.
//D.S.