## Copyright (C) 2012 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
## See the file COPYING for copying conditions.

Source: corridor
Section: misc
Priority: optional
Maintainer: Patrick Schleizer <adrelanos@whonix.org>
Build-Depends: debhelper (>= 13), debhelper-compat (= 13)
Homepage: https://github.com/rustybird/corridor
Vcs-Browser: https://github.com/rustybird/corridor
Vcs-Git: https://github.com/rustybird/corridor.git
Standards-Version: 4.7.2
Rules-Requires-Root: no

Package: corridor
Architecture: all
Depends: ipset, socat, tor, ${misc:Depends}
Description: Tor traffic whitelisting gateway
 There are several transparently torifying gateways. They suffer from the same
 problems:
 .
  - It's tricky to isolate circuits and issue NEWNYM signals, especially if
  multiple client computers are involved.
  - Any garbage software can pump identifiers into "anonymous" circuits, and
  get itself exploited by malicious exit nodes.
  - Trust is centralized to the gateway, which is bad enough when used by one
  person, and just inappropriate when shared with strangers.
 .
 corridor takes a different approach. It allows only connections to Tor relays
 to pass through (no clearnet leaks!), but client computers are themselves
 responsible for torifying their own traffic. In other words, it is a filtering
 gateway, not a proxying gateway.
 .
 You can think of it as defense in depth for your vanilla Tor Browser or Tails,
 for your beautiful scary experimental Qubes proxying schemes, etc. Or invite
 the hood to use your Wi-Fi without getting into trouble.
