[Pkg-anonymity-tools] OnionShare 1.0 released

[intrigeri]

Hi Micah!

Micah Lee:
> I just released OnionShare 1.0!

Great news :)

> Here's the changelog: […]

Sounds good. Sadly, it comes too late for Debian 9 (Stretch), that's
been frozen since February 5: specific, targeted fixes for serious
issues can still go in, but new upstream releases with that many
changes are a non-starter.

So, we'll maintain 0.9.1 in Stretch for 5 years (on top of 0.6 that's
in Jessie, that's here to stay for another 3 years now). Unless you
recommend we instead do *not* include OnionShare in Stretch, and
support it only via stretch-backports.

Is there any specific, targeted fix for serious issues that we should
really cherry-pick on top of 0.9.1 to make it suitable for inclusion
into a Debian stable release (and then try to get unblocked so they're
included in Debian Stretch)? Would you consider maintaining a 0.9.X
LTS branch upstream, or do we need to handle the delta on our side?

> It includes support for using a system tor instead of only supporting
> Tor Browser, which means I think we should drop the dependency on
> torbrowser-launcher, and move onionshare from contrib into main.

:)))

> Here's more information about using a system tor [1]. Basically, either
> the user needs to be part of the debian-tor group and set OnionShare to
> use the socket file /var/run/tor/control, or you need to edit the torrc
> and enable the control port, optionally configure a password, and set
> OnionShare to use the control port. So it might take some creativity on
> Debian's part to make OnionShare "just work" without manual
> configuration, but it's definitely doable.

Great. I think it'll get easier and safer once we have Tails' control
port filter in Debian.

Cheers,
-- 
intrigeri