On 02/06/2015 12:03 AM, grarpamp wrote:
On Thu, Feb 5, 2015 at 11:15 PM, Nick Mathewson nickm@freehaven.net wrote:
The idea is that Tor could ship with some basic recommendations, and links to places to find more advice?
If it's a question that can be answered by searching "how do i secure and run my unix server", including anything other than links to such answers would seem redundant. Sure, noobs are out there, but it isn't efficient for application projects to formally provide general computer training.
If it's a question of "how do i make tor/unix run happy together on my server", i.e. file descriptor shortages, that's a specific known interaction with tor itself, and thus a different situation.
The only thing I'd ship with tor are links... to two community maintained wiki pages, one for each class of question above. From there the community can write whatever faq help desired independent of the release process and considering external developments.
If there wasn't a community or wiki, then shipping any critical runtime dependency notes on the second class of question would be reasonable.
For what it's worth, I'm mmcc - I wrote the doc/HARDENING draft.
It did end up containing more text than we had hoped. However, I think some of it is worthwhile. For example, the firewall rules are unique to Tor and not entirely obvious. People also wouldn't encounter the DNS suggestion elsewhere.
I added that version to the ticket because it was being considered for the 0.2.6 release. I sent a similar version to the mailing lists a couple months ago and haven't reviewed and incorporated some of the suggestions I received, partially because I suspected that it was already too verbose.
I'm not attached to this document, and I'm fine with it not being added. I also like the idea of linking to a wiki page. Generally, I think we need to make more of an effort to get security information to relay operators. Many volunteer a VPS or home server out of curiosity, and there isn't much of a culture of operational security among those contributors. This could become a problem as the network matures.