Tor integration in Whonix

Updated https://www.whonix.org/wiki/Dev/Tor#Tor_Version - most notably:

2. Use latest stable in TPO repository and allow testers to use the Tor nightly build in Whonix ™, with bug reporting to TPO

  • Advantages: Latest features, better security, improved Tor Browser compatibility (using SocksPort with flags and even better connectivity performance). [3]
  • Disadvantages:
    • From the Whonix ™ perspective, these packages are uploaded to deb.torproject.org at random times. These packages are not guaranteed to be compatible with Whonix ™. While there are no security concerns, these packages could break a system’s apt-get package management (due to incompatible dependencies) or connectivity, in case Tor refuses to start. This can arise due to a configuration incompatibility in a newer version of Tor, or for other reasons such as systemd or apparmor related changes.
    • In May 2021 a transient repository issue broke the Whonix ™ build process.
    • There is nothing similar to snapshot.debian.org. Keeps changing (newer versions being added). Hence, can introduce build issues such as above. Unsuitable for reproducible builds / Verifiable Builds.
    • Porting to other architectures issues.
      • Only available for the i386, amd64, arm64 architectures.
      • Introduces differences / issues such as for example for the ppc64el platform. [4]

Therefore for milestone_whonix_16 (Debian bullseye based) considering to go back to method:

1. Use the Tor LTS version from the official Debian package repository: packages.debian.org

Downgrading to Tor version 0.4.5.7-1 as frozen, maintained by Debian for the bullseye release.

Though, the following could become an issue:

Missing new versions:

[…] Latest features, better security, improved Tor Browser compatibility (using SocksPort with flags and even better connectivity performance). [3]

I guess if that happens, have to go back to option 2.


Related:
Tor Upgrades
