Kevin O'Gorman

Nope, happy to approve if you're ok with said change

Would it be worth explicitly switching URLs in sources.list to HTTPS versions?

> * My first impression is I would support keeping things as simple as possible and accepting the same observability properties as we do for replies, rather than trying to...

> I agree that this will be good to discuss further before trying to prioritize. The questions that jump out at me are: > > 1. whether we can reduce...

debatable whether this one is high-priority, as it fixes a bug affecting exit relays only: https://forum.torproject.org/t/security-release-0-4-8-10/10536

Looks like efforts to build with `--enable-gpl` are in progress: https://gitlab.torproject.org/tpo/core/debian/tor/-/commit/2ed69025aba31eb16c90c0782e756158edfeca4a

@prateekj117 there is probably a bit more there to do, as I'd expect this would be an optional setting that admins could enable/disable - and we'd have to apply it...

some useful docs here: https://gitlab.torproject.org/tpo/onion-services/onion-support/-/wikis/Documentation/PoW-FAQ#configuring-an-onion-service-with-the-pow-protection The default config looks like this (added as part of a hidden service stanza): ``` HiddenServicePoWDefensesEnabled 1 # HiddenServicePoWQueueRate 250 # HiddenServicePoWQueueBurst 2500 ``` PoWQueueRate...

Apologies @Thorin-Oakenpants! we've been a bit all over the place lately! this would definitely be a good addition, and we'd be happy to get a PR.

IMO this should be a `securedrop-client` issue. This would involve some non-trivial JI changes and also require additional source metadata if done server-side, which we should avoid on principle. If...