Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docs: document Tor proof-of-work defense via securedrop-admin sdconfig #569

Merged
merged 2 commits into from
Jun 14, 2024
Merged

docs: document Tor proof-of-work defense via securedrop-admin sdconfig #569

merged 2 commits into from
Jun 14, 2024

Conversation

cfm
Copy link
Member

@cfm cfm commented Jun 13, 2024
edited by nathandyer
Loading

Status

Ready for review

Description of Changes

Closes #568 by:

  1. explaining Tor's proof-of-work defense; and
  2. giving instructions on how to enable and disable it.

Testing

  • Visual review.

  • Is this a fair summary of our decision to enable this feature in sdconfig by default going forward?

    securedrop-docs/docs/admin/deployment/tor_pow.rst

    Lines 13 to 15 in 1b9209e

    services. As of SecureDrop 2.9.0, new SecureDrops have this feature enabled by
    default, and we encourage all SecureDrop administrators to turn it on for their
    instances. While this measure can't speed up the Tor network as a whole if it's

Release

This should be called out prominently in the v2.9.0 release notes.

Checklist (Optional)

  • Doc linting (make docs-lint) passed locally
  • Doc link linting (make docs-linkcheck) passed
  • You have previewed (make docs) docs at http://localhost:8000

@cfm cfm mentioned this pull request Jun 13, 2024
Closed
nathandyer
nathandyer reviewed Jun 13, 2024
View reviewed changes
Copy link
Contributor

@nathandyer nathandyer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This mostly LGTM, I think the explanation here makes sense and is straightforward as to why an admin might want to consider enabling the option. I left one comment regarding the workflow in regards to whether or not SecureDrop has to already be installed before this option can be enabled.

I'm also wondering if perhaps we should link back to this from this section in the docs: https://docs.securedrop.org/en/stable/admin/installation/install.html#configure-the-installation (We don't explicitly mention other options here, such as SSH-over-Tor, so I'm happy either way we decide here)

docs/admin/deployment/tor_pow.rst Outdated Show resolved Hide resolved
@cfm
Copy link
Member Author

cfm commented Jun 13, 2024

Thanks, @nathandyer! I've replied to your review feedback inline.

I don't feel strongly either way about linking to these instructions from #569 (comment). We want this to be a transparent improvement to SecureDrop's Tor performance, rather than something administrators should have to think about. (Though we should absolutely flag it in the release notes as a heads-up.)

nathandyer
nathandyer approved these changes Jun 14, 2024
View reviewed changes
Copy link
Contributor

@nathandyer nathandyer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

With the most recent commit, everything here LGTM.

@nathandyer nathandyer added this pull request to the merge queue Jun 14, 2024
Merged via the queue into main with commit 540f2a1 Jun 14, 2024
4 checks passed
@nathandyer nathandyer deleted the 568-tor-pow branch June 14, 2024 18:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nathandyer nathandyer nathandyer approved these changes

Assignees
No one assigned
Labels
None yet
Projects
SecureDrop dev cycle
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

document Tor proof-of-work defense
2 participants
@cfm @nathandyer