Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
Trac
Trac
  • Project overview
    • Project overview
    • Details
    • Activity
  • Issues 246
    • Issues 246
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Operations
    • Operations
    • Metrics
    • Incidents
  • Analytics
    • Analytics
    • Value Stream
  • Wiki
    • Wiki
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Create a new issue
  • Issue Boards

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

  • Legacy
  • TracTrac
  • Issues
  • #6978

Closed (moved)
Open
Opened Sep 26, 2012 by Jacob Appelbaum@ioerror

Create Magnet links for download

I've been talking with a lot of Free Software projects about how they don't want to serve stuff up over HTTPS - especially bulk data. I've heard a lot of user blaming, balking at even trying to be secure, the point of gpg signatures, etc.

I think that there is a middle ground and it is probably worthwhile to explore. We could also use it as a test - it seems like an easy test too.

Basically, I propose that over HTTPS, we have a page that links to all of our downloads, with GPG signatures and the file they wish to download as BitTorrent Magnet links.

Here's one I created that has no seeders and no need for them, I might add:

magnet:?xt=urn:btih:696513360665ad8bc398126cba2e688d882ed5cd&dn=TorBrowser&as=https%3A%2F%2Fwww.torproject.org%2Fdist%2Ftorbrowser%2Flinux%2Ftor-browser-gnu-linux-x86%5F64-2.3.22-alpha-1-dev-en-US.tar.gz&as=http%3A%2F%2Fj6im4v42ur6dpic3.onion%2Ftor-package-archive%2Ftorbrowser%2Ftor-obfsproxy-browser-2.3.22-alpha-1%5Fen-US.exe&as=https%3A%2F%2Farchive.torproject.org%2Ftor-package-archive%2Ftorbrowser%2Flinux%2Ftor-browser-gnu-linux-x86%5F64-2.3.22-alpha-1-dev-en-US.tar.gz

The nice thing about that Magnet URN is that it includes (three) urls as backups - so anyone who clicks on it will fetch it over a .onion via HTTP or via two different HTTPS urls. I think that means that merely by offering the files our first users will get a normal download via HTTPO or HTTPS. They then become the seeders - no seeding box needed!

I think it should be rather straight forward to automate the creation of urls for our use too.

The main question for me is how well the 'as=' ( see https://en.wikipedia.org/wiki/Magnet_URI#Normal_.28as.29 ) field actually works. Do BitTorrent clients actually download it over HTTPS properly?

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information
Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
None
Reference: legacy/trac#6978