The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2020-08-27T16:32:19Zhttps://gitlab.torproject.org/tpo/web/support/-/issues/115Update "How to report bug or feedback" and remove Trac2020-08-27T16:32:19ZGusUpdate "How to report bug or feedback" and remove TracSince we're moving from Trac, we will need to update our documentation to explain how to report bug or give feedback.
http://4bflp2c4tnynnbes.onion/misc/bug-or-feedback/Since we're moving from Trac, we will need to update our documentation to explain how to report bug or give feedback.
http://4bflp2c4tnynnbes.onion/misc/bug-or-feedback/https://gitlab.torproject.org/tpo/tpa/gitlab/-/issues/21publish the migration source code2021-10-21T15:14:10Zanarcatpublish the migration source codeit would be great to have the migration source code public, if that is safe at all.
it would serve a few purposes:
1. it would allow us to diagnose problems better if they come up
2. it would give good examples on how to talk to the ...it would be great to have the migration source code public, if that is safe at all.
it would serve a few purposes:
1. it would allow us to diagnose problems better if they come up
2. it would give good examples on how to talk to the API
3. it would show others how we did it
Of course the code would need to be sanitized for secrets, but it doesn't have to be clean.Alexander Færøyahf@torproject.orgAlexander Færøyahf@torproject.orghttps://gitlab.torproject.org/tpo/tpa/gitlab/-/issues/15User permissions in TPO2023-12-05T18:45:51ZGabagaba@torproject.orgUser permissions in TPO- [ ] Move this into guides/documentation
- [ ] Include clear criteria on when to create an account in gitlab and how to assign permissions.
- [x] Can somebody else review who has permission to what group under tpo? Right now we have
tp...- [ ] Move this into guides/documentation
- [ ] Include clear criteria on when to create an account in gitlab and how to assign permissions.
- [x] Can somebody else review who has permission to what group under tpo? Right now we have
tpo:
* gaba - owner
* isabela - reporter
* roger - reporter
core:
* dgoulet - owner
* asn - owner
* nickm - owner
* ahf - owner
* gaba - owner
tpa:
* ahf-admin - owner
* hiro - owner
* weasel - owner
* gaba - owner
applications:
* acat - owner
* ahf-admin - owner
* antonela - owner
* sysrqb - owner
* gk - owner
* brade - developer
* mcs - developer
* bolkm - developer
* gaba - owner
ux:
* antonela - owner
* diogosergio - maintainer
* pili - maintainer
* emmapeel - maintainer
* torproject-pusher - maintainer
* nah - develper
* dunqan - developer
* gaba - owner
community:
* gus - owner
* pili - owner
* kat - guest
* alison - mantainer
* kushal - developer
* emmapeel - developer
* gaba - owner
metrics:
* ahf-admin - owner
* karsten - owner
* acute - developer
* djackson - developer
* phw - developer
* gaba - owner
anti-censorship:
* cohosh - owner
* phw - owner
* hiro- developer
* arma - developer
* gaba - owner
* antonela - developer
network health:
* dgoulet - owner
* gk - owner
* phw - owner
* arma - owner
* gaba - owner
web:
* gus - owner
* hiro - mantainer
* pili - maintainer
* emmapeel - maintainer
* torproject-ppusher - maintainer
* antonela - developer
* stephw - developer
* protechthor-guest - developer
* clash - reporter
* arma - reporter
* aya - developer
* bunnyapocalypse-guest - guest
* nemaniarjun-guest - guest
* claromes-guest - guest
* jacobo-guest - guest
* kjedidiahpark-guest - guest
* raviteja-guest
* rotationmatrix-guest - guest
* jaruga - guest
* gaba - owner
scalability:
* mikeperry - maintainer
* arma - maintainer
* gaba - owner
external users:
* all contributors that are not in a specific group/team. Limit projects creation to 5.
What should we change? I think we should at least remove admin users from ownership. They already have access to everything.
Permissions and roles in Gitlab: https://gitlab.torproject.org/help/user/permissionshttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40005Review advice on VPN use during onboarding2022-03-21T20:08:35ZAntonelaantonela@torproject.orgReview advice on VPN use during onboardingMany first-time users are attempting to configure VPNs on Tor Browser, some of whom mistakenly believe VPN usage is critical to protecting their privacy.
This ticket is to review the existing onboarding flow as an education opportunity ...Many first-time users are attempting to configure VPNs on Tor Browser, some of whom mistakenly believe VPN usage is critical to protecting their privacy.
This ticket is to review the existing onboarding flow as an education opportunity and amend as required to provide up to date advice on VPN use.
Consider this as a reference ticket to: https://gitlab.torproject.org/legacy/trac/-/issues/30514https://gitlab.torproject.org/tpo/tpa/team/-/issues/34436document the static mirror network and onionbalance system better2020-12-01T15:31:36Zanarcatdocument the static mirror network and onionbalance system betterwe have some documentation on the static mirroring system here:
https://help.torproject.org/tsa/howto/static-component/
it's mostly procedural and minimal: add a component, remove a component and that's it. it doesn't explain at all ho...we have some documentation on the static mirroring system here:
https://help.torproject.org/tsa/howto/static-component/
it's mostly procedural and minimal: add a component, remove a component and that's it. it doesn't explain at all how the system works, how to create or remove a new node in the network, how onion services interact with it, and how it actually works in puppet.
all this should be better documented. for example, I should be able to resolve legacy/trac#34396 without asking weasel. :)anarcatanarcathttps://gitlab.torproject.org/tpo/web/community/-/issues/139[Onion services] Improve how to setup your onion service with unix domain soc...2020-11-23T20:32:47ZGus[Onion services] Improve how to setup your onion service with unix domain socketsIn this section we should recommend and explain how to use unix domain sockets:
http://3gldbgtv5e4god56.onion/onion-services/setup/In this section we should recommend and explain how to use unix domain sockets:
http://3gldbgtv5e4god56.onion/onion-services/setup/https://gitlab.torproject.org/tpo/web/community/-/issues/136[Onion Services] How to use eotk2020-11-23T20:31:11ZGus[Onion Services] How to use eotkWrite a guide on how to use EOTK to onionize your own website.Write a guide on how to use EOTK to onionize your own website.Sponsor 84: Onion Guideshttps://gitlab.torproject.org/tpo/core/tor/-/issues/34246Add a link to the formatted architecture docs in src/mainpage.md2021-07-22T16:18:20ZteorAdd a link to the formatted architecture docs in src/mainpage.mdWhen I open up src/mainpage.md. it's obviously meant to be formatted by a markdown parser. (And GitHub's markdown doesn't seem to handle "@" directives.)
Can you add a link to the formatted output at the top of mainpage.md ?When I open up src/mainpage.md. it's obviously meant to be formatted by a markdown parser. (And GitHub's markdown doesn't seem to handle "@" directives.)
Can you add a link to the formatted output at the top of mainpage.md ?Tor: 0.4.4.x-finalhttps://gitlab.torproject.org/tpo/core/tor/-/issues/34133Tor documentation missing sandbox and %include limitations2021-07-22T16:18:20ZJigsaw52Tor documentation missing sandbox and %include limitationsThe tor manpage and documentation do not tell the user that is not possible to add new configuration files to %included directories in its config files when the seccomp sandbox is enabled.The tor manpage and documentation do not tell the user that is not possible to add new configuration files to %included directories in its config files when the seccomp sandbox is enabled.Tor: 0.4.4.x-finalhttps://gitlab.torproject.org/tpo/web/community/-/issues/130[Onion Services][SSL][Vanity] FR: writeup about authentication for onion site...2021-03-25T15:07:32ZJim Newsome[Onion Services][SSL][Vanity] FR: writeup about authentication for onion sites. SSL certs, vanity addresses, etc.Context - I was reaching out to the owners of securityinabox.org about their onion address https://bpo4ybbs2apk4sk4.onion/, which presents a cert for a completely different domain. I looked for but couldn't find authoritative docs about ...Context - I was reaching out to the owners of securityinabox.org about their onion address https://bpo4ybbs2apk4sk4.onion/, which presents a cert for a completely different domain. I looked for but couldn't find authoritative docs about best practices around SSL for onion sites.
It'd at least be nice to have a short writeup about the recent movement about not requiring EV certs (https://cabforum.org/pipermail/servercert-wg/2020-February/001637.html).
At the risk of scope creep it'd perhaps be even better to have a more comprehensive writeup about best practices around proving authenticity for onion addresses. e.g. perhaps also mention why vanity addresses aren't helpful, alternatives to certs you *can* do (link from something else already securely tied to your identity), etc.
FWIW here's what I sent to the securityinabox folks:
FYI the onion address (http://bpo4ybbs2apk4sk4.onion) linked from your 'about' page (https://securityinabox.org/en/about) appears to be broken. It presents a certificate for common-name "api-test.ttc.io", which results in browser warnings. Unfortunately even if the user clicks through the warnings, the server then just returns a 502 error.
I wanted to mention a few things about the cert in particular, but I should preface with: I'm a developer at the Tor Project; I'm somewhat familiar with this subject but to be clear I'm new and this is outside my primary area
The Tor protocol itself already provides encryption and authentication. Most of the potential value in a certificate would be to link the onion address to your clear-web domain name, but a cert for some other domain, as your server is presenting, doesn't do that either.
A cert for "securityinabox.org" might be a little better - it'd still cause a warning, but at least on inspection would prove that this onion address really belongs to the owner of that domain. OTOH simply having a link to your onion site from an SSL/TLS clear-web page you own, which you already do, already does that in a less obscure way.
A cert that includes the onion address itself would get rid of the warning. Until recently this required getting an expensive EV cert, but this is changing now (https://cabforum.org/pipermail/servercert-wg/2020-February/001637.html).
Assuming you don't have much resources to dedicate to this, the best short-term course of action might be to just drop the cert (and hence SSL/TLS) for now to get ride of the warnings (and thus not either scare people away or train them to click away the warnings).https://gitlab.torproject.org/tpo/web/support/-/issues/252bandwidth-shaping script link Path not found2022-06-14T15:01:36Zcypherpunksbandwidth-shaping script link Path not foundon page:
https://support.torproject.org/operators/bandwidth-shaping/
The link from last script, leads to nowhere.
https://gitweb.torproject.org/tor.git/tree/contrib/operator-tools/linux-tor-prio.sh
Path not foundon page:
https://support.torproject.org/operators/bandwidth-shaping/
The link from last script, leads to nowhere.
https://gitweb.torproject.org/tor.git/tree/contrib/operator-tools/linux-tor-prio.sh
Path not foundhttps://gitlab.torproject.org/tpo/community/support/-/issues/33943bandwidth-shaping script link Path not found2021-09-02T18:37:51Zcypherpunksbandwidth-shaping script link Path not foundon page:
https://support.torproject.org/operators/bandwidth-shaping/
The link from last script, leads to nowhere.
https://gitweb.torproject.org/tor.git/tree/contrib/operator-tools/linux-tor-prio.sh
Path not foundon page:
https://support.torproject.org/operators/bandwidth-shaping/
The link from last script, leads to nowhere.
https://gitweb.torproject.org/tor.git/tree/contrib/operator-tools/linux-tor-prio.sh
Path not foundGusGushttps://gitlab.torproject.org/tpo/core/tor/-/issues/33894make (retroactive) proposal for DoS subsystem2022-10-11T23:39:35ZRoger Dingledinemake (retroactive) proposal for DoS subsystemIn legacy/trac#24902, dgoulet speaks of a ddos-design.txt document.
But there is no actual proposal for the overall DoS subsystem.
If we have the document around, and we just never published it, this is a great chance to notice, clean ...In legacy/trac#24902, dgoulet speaks of a ddos-design.txt document.
But there is no actual proposal for the overall DoS subsystem.
If we have the document around, and we just never published it, this is a great chance to notice, clean it up a bit, and call it proposal three-hundred-and-something. (And then maybe turn some of it into one of the spec files if that makes sense, but, one step at a time here. :)
Motivated by this month's tor-dev thread where all we have to show for the DoS subsystem design is a trac ticket number and a changelog entry.https://gitlab.torproject.org/tpo/core/tor/-/issues/33778TestingTorNetwork options in the man page are out of date2021-07-22T16:18:20ZoparaTestingTorNetwork options in the man page are out of dateA few of the values under `TestingTorNetwork` in `doc/tor.1.txt` are out of date compared to the options in `src/app/config/testnet.inc`. Also, some of the units listed for options only state 'minutes|hours' when they actually support 's...A few of the values under `TestingTorNetwork` in `doc/tor.1.txt` are out of date compared to the options in `src/app/config/testnet.inc`. Also, some of the units listed for options only state 'minutes|hours' when they actually support 'seconds' as well. I only fixed the ones that were relevant to `TestingTorNetwork`, but there are probably others as well. Will add a PR shortly.
In addition, many of the options that are of type `INTERVAL` use different units in the man page. For example:
```
ShutdownWaitLength NUM
V3AuthVotingInterval N minutes|hours
TestingV3AuthVotingStartOffset N seconds|minutes|hours
DormantClientTimeout N minutes|hours|days|weeks
```
Since these are all of type `INTERVAL`, is there a reason why these units are different when all of them support any unit in `unitparse.c` (seconds, minutes, hours, days, weeks)? One reason could be that some options have lower bounds (for example `V3AuthVotingInterval` must be greater than 300 seconds which is of the order of minutes), but the user can just specify 300 seconds rather than 5 minutes.Tor: 0.4.4.x-finalhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/33773Add Tor Browser-specific licenses in about:license2022-07-08T20:55:01ZMatthew FinkelAdd Tor Browser-specific licenses in about:licenseThis idea came out of legacy/trac#33771 and legacy/trac#33772. GeKo mentioned that we don't need to ship a specific license for NSS because it is covered by `about:license`, and we could use `about:license` for the additional licenses we...This idea came out of legacy/trac#33771 and legacy/trac#33772. GeKo mentioned that we don't need to ship a specific license for NSS because it is covered by `about:license`, and we could use `about:license` for the additional licenses we must ship, as well. Currently those Tor Browser-specific licenses are controlled by tor-browser-build and they are included as text files at build-time. Extending `about:license` is a good idea.
The main disadvantage I see is downstream projects who take a tor browser package and re-use all of the tor parts but they don't use the browser. We could achieve this by continuing with adding licenses in text files and then patching them into tor-browser's `toolkit/content/license.html` at build time. I'm not very excited about the additional complexity this would require, though.https://gitlab.torproject.org/tpo/web/support/-/issues/98Add Mailing List information2020-11-18T15:29:25ZemmapeelAdd Mailing List informationWe don't have mailing list information, neither on the Contact section of tpo, not in the ['Get in touch'](https://support.torproject.org/get-in-touch/) section in the support portal.
We should decide a place for it, there is some infor...We don't have mailing list information, neither on the Contact section of tpo, not in the ['Get in touch'](https://support.torproject.org/get-in-touch/) section in the support portal.
We should decide a place for it, there is some information at
https://2019.www.torproject.org/docs/documentation#MailingLists
But it should be updated.GusGushttps://gitlab.torproject.org/tpo/core/tor/-/issues/33742Add information about design paper and anonbib inside README.1st2021-06-23T11:55:13ZGhost UserAdd information about design paper and anonbib inside README.1stAs mentioned under legacy/trac#33688 (comment 9) some old "TODO" items were removed from `doc/HACKING/README.1st.md` file.
Link and description should be added for:
- design paper,
- anonbib.As mentioned under legacy/trac#33688 (comment 9) some old "TODO" items were removed from `doc/HACKING/README.1st.md` file.
Link and description should be added for:
- design paper,
- anonbib.https://gitlab.torproject.org/tpo/core/tor/-/issues/33741Format code blocks inside markdown files (documentation)2021-07-22T16:18:20ZGhost UserFormat code blocks inside markdown files (documentation)There are issues with code blocks inside some *.md files (some files use code blocks syntax, some do not). First of all, it's not consistent but what's really bad is when *.md file is being displayed incorrectly. You can find an example ...There are issues with code blocks inside some *.md files (some files use code blocks syntax, some do not). First of all, it's not consistent but what's really bad is when *.md file is being displayed incorrectly. You can find an example of what I'm saying in CodingStandards.md under How we log changes section.
https://github.com/torproject/tor/blob/master/doc/HACKING/CodingStandards.md#how-we-log-changes
Part of the git log output is still displayed as a regular text rather than a formatted code block.
Goal of this ticket is to go through all *.md files under `doc` and `doc/HACKING` directories and format code snippets accordingly.
```
```c
// code snippet
// written in
// C language
```
```
```
```bash
// command to be run
// inside bash
```
```
This should fix the issues described above and enable syntax highlighting on supported websites and editors.Tor: unspecifiedGuinnessGuinnesshttps://gitlab.torproject.org/tpo/web/community/-/issues/117[Onion Services] How to launch a site w/ onionshare2021-08-23T16:31:49ZGus[Onion Services] How to launch a site w/ onionshareIn onionshare you can launch a static website. It would be nice to have this how to in onion services section.In onionshare you can launch a static website. It would be nice to have this how to in onion services section.Sponsor 84: Onion Guideshttps://gitlab.torproject.org/tpo/web/community/-/issues/116[Onion Services] How to use DoS protections2021-08-23T16:31:49ZGus[Onion Services] How to use DoS protectionsRecently asn and dgoulet released a framework explaining how to configure your Onion Service to limit some DoS attacks. We should have a how to use this feature.Recently asn and dgoulet released a framework explaining how to configure your Onion Service to limit some DoS attacks. We should have a how to use this feature.Sponsor 84: Onion GuidesGusGus