From 4bfd0a12942f196fa0c38144f7c113ff9522410e Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Sat, 12 May 2018 12:17:07 +0200 Subject: Document localhost vs 127.0.0.1 default proxy setting Closes: #895908 --- README.md | 9 ++++++++- debian/control | 2 +- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 7683c7e..823c453 100644 --- a/README.md +++ b/README.md @@ -77,13 +77,20 @@ be configured for individual sources via sources.list options. By default, apt-transport-tor uses the following SOCKS proxy setting, which is the default location of a locally installed Tor instance: - Acquire::tor::proxy "socks5h://apt-transport-tor@localhost:9050"; + Acquire::tor::proxy "socks5h://apt-transport-tor@127.0.0.1:9050"; Note the use of a username to make use of the default IsolateSOCKSAuth Tor setting for stream isolation, which requires Tor 0.2.4.19 to work well. This means your apt traffic will be sent over a different circuit from your regular Tor traffic and for each host you connect to. +Earlier apt versions (before 1.7) default to `localhost` instead of `127.0.0.1`. +This can lead to SRV requests being sent to a DNS server – for most users that +should be a local caching server, but for some it might be a more remote (and +hence potentially hostile) server. This is something to be aware of in general +if you are using a hostname in the configuration. On the upside this can give +you all the flexibility provided via SRV. + ### Disabling use of http(s) without Tor in APT APT >= 1.3 allows methods to be disabled without removing them from the system, diff --git a/debian/control b/debian/control index 5d88e05..7093a32 100644 --- a/debian/control +++ b/debian/control 
@@ -14,7 +14,7 @@ Package: apt-transport-tor Architecture: all Multi-Arch: foreign Depends: apt (>= 1.3~rc1), ${misc:Depends} -Recommends: apt (>= 1.6~alpha6), tor +Recommends: apt (>= 1.7~alpha1), tor Description: APT transport for anonymous package downloads via Tor Provides support in APT for downloading packages anonymously via the Tor network. -- cgit v1.2.3-70-g09d2
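Review bot: In the README.md hunk, the new paragraph beginning "Earlier apt versions (before 1.7) default to `localhost`" describes the exposure but gives readers on those versions no remedy. Add a sentence saying they can set the value explicitly, for example `Acquire::tor::proxy "socks5h://apt-transport-tor@127.0.0.1:9050";`, so the proxy address is never looked up through DNS. Two wording points in the same paragraph: "This can lead to SRV requests" has an unclear antecedent and would read better as "Using `localhost` can lead to SRV requests", and the closing sentence about the flexibility of SRV could say that it only applies when a hostname is chosen deliberately, so it does not read as a reason to keep the old default.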
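Review bot: In the debian/control hunk, the `Recommends: apt (>= 1.7~alpha1), tor` bump is not mentioned in the commit message, whose subject only says "Document", so the reason for touching a dependency field has to be inferred from the README change. A line in the message tying the new version to the 127.0.0.1 default would make this traceable. Note also that `Depends: apt (>= 1.3~rc1)` is unchanged, so the package still installs alongside apt versions that default to `localhost`. If that is intentional, the README paragraph is the only place users learn about it, which is another reason to include the explicit setting there.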