# -*- mode: python ; coding: utf-8 -*- # # +---------------+ # | bridgedb.conf | # +---------------+ # # This file uses Python syntax, and is sourced as if it were a .py file. Just # pretend you're writing Python, and everything will be peachy keen. #______________________________________________________________________________ # # Part of BridgeDB, a Tor bridge distribution system. # # :authors: The Tor Project, Inc. # :license: This file is freely distributed as part of BridgeDB, see LICENSE # for details. # :copyright: (c) 2007-2017 The Tor Project, Inc. # (c) 2007-2017, all sentient entities within the AUTHORS file # :version: 0.3.3 #=============================================================================== # # CHANGELOG: # ~~~~~~~~~~ # Changed in version 0.3.3 - 2015-07-22 # * ADD new options, CSP_ENABLED, CSP_REPORT_ONLY, and CSP_INCLUDE_SELF for # setting options related to HTTP(S) Distributor Content Security Policy # settings. # # Changed in version 0.3.2 - 2015-04-30 # * CHANGE to using BridgeDB release versions for bridgedb.conf file versions. # * ADD support for specifying bridge rotation periods via the # EMAIL_ROTATION_PERIOD and HTTPS_ROTATION_PERIOD settings. # * ADD a new option, IGNORE_NETWORKSTATUS, which controls if BridgeDB cares # whether or not a bridge was present in the BridgeAuthority's # networkstatus-bridges file, as well as what information is gleaned from # the bridge-networkstatus documents within that file. # # Changed in version 0.0.15 - 2015-03-26 # * ADD new SUPPORTED_TRANSPORTS and DEFAULT_TRANSPORT settings. # # Changes in version 0.0.14 - 2015-02-22 # * ADD new OpenPGP-related options: # - EMAIL_GPG_HOMEDIR # - EMAIL_GPG_PRIMARY_KEY_FINGERPRINT # - EMAIL_GPG_PASSPHRASE # - EMAIL_GPG_PASSPHRASE_FILE # * REMOVE old OpenPGP signing key file option, EMAIL_GPG_SIGNING_KEY. # # Changes in version 0.0.13 - 2015-02-20 # * ADD NO_DISTRIBUTION_COUNRIES option for refusing to distribute bridges # whose primary ORAddress is geolocated to any of some certain countries. # # Changes in version 0.0.12 - 2015-02-06 # * ADD a dictionary of TASKS to be run and the intervals at which they # should be repeated. # # Changes in version 0.0.11 - 2014-07-06 # * ADD EMAIL_BLACKLIST and EMAIL_FUZZY_MATCH settings. # # Changes in version 0.0.10 - 2014-06-06 # * Support requiring distribution of bridges with the "Running" flag. # # Changes in version 0.0.9 - 2014-06-06 # * ADD EMAIL_WHITELIST setting. # # Changes in version 0.0.8 - 2014-05-14 # * CHANGE RECAPTCHA_PRIV_KEY to RECAPTCHA_SEC_KEY. # # Changes in version 0.0.7 - 2014-03-31 # * ADD new settings for tracing function calls and thread info within logged # messages: LOG_THREADS, LOG_TRACE, and LOG_TIME_FORMAT. # # Changes in version 0.0.6 - 2014-03-28 # * CHANGE gimp-captchas to be the norm. # * ADD bucket for support team. # # Changes in version 0.0.5 - 2014-02-27 # * ADD GIMP_CAPTCHA_ENABLED, GIMP_CAPTCHA_DIR, GIMP_CAPTCHA_HMAC_KEYFILE, # and GIMP_CAPTCHA_RSA_KEYFILE settings (see #10809). # * Decrease email share. # * Whitelist the public IP address of bridges.torproject.org in # RECAPTCHA_REMOTE_IP setting. # # Changes in version 0.0.4 - 2014-01-24 # * ADD COLLECT_TIMESTAMPS option (see #10724). Set it to False for the # staging instance (etc/test-bridgedb.conf), and True for the production # server (etc/bridgedb.conf). # # Changes in version 0.0.3 - 2014-01-17 # * UPDATE config from bridgedb.git/bridgedb.conf, without changing any of the # settings. # # Changes in version 0.0.2 - 2014-01-17 # * ADD missing settings, EMAIL_GPG_SIGNING_ENABLED and EMAIL_GPG_SIGNING_KEY. # # Changes in version 0.0.1 - 2013-08-30 # * ADD version of config file in use on ponticum. # - Two config variables, RECAPTCHA_PUB_KEY and RECAPTCHA_PRIV_KEY, have # been removed, they can be found in: # patches/001-bridgedb-conf-recaptcha-vars.patch. # * CLEANUP the config file slightly (such as adding these headers) and # fixing the linewraps. No other variables were touched. # #=============================================================================== #===========================# # General-purpose options # #___________________________# #---------------- # Required Files \ You'll want to make sure that these ones exist! #------------------------------------------------------------------------------ # # All filenames are taken as relative to the RUNTIME directory, which is the # current working directory when you call the ``bridgedb`` script, or you may # specify a particular RUNTIME directory by doing: # # $ bridgedb -r /path/to/some/nice/place # # Obviously, this config file should live in that directory, so that BridgeDB # can read it. #------------------------------------------------------------------------------ # List of directories which contain versions of the files specified in # BRIDGE_FILES, EXTRA_INFO_FILES, and STATUS_FILE. BRIDGE_AUTHORITY_DIRECTORIES = ["from-authority", "from-bifroest"] # List of filenames from which we read ``@type bridge-server-descriptor``s, on # startup and on SIGHUP. BRIDGE_FILES = ["bridge-descriptors"] # List of filenames from which we read ``@type bridge-extra-info`` # descriptors, for learning about a bridge's pluggable transports: EXTRA_INFO_FILES = ["cached-extrainfo", "cached-extrainfo.new"] # Filename from which we read ``@type bridge-network-status`` entries, for # learning which current bridges are Running, as well as their IPv6 addresses. STATUS_FILE = "networkstatus-bridges" # If ``True``, then the only information which we obtain from the # networkstatus file (the ``STATUS_FILE`` option) created by the # BridgeAuthority are the bridge flags (i.e. "Running", "Stable", etc.), and # we ignore all errors which have anything to do with networkstatus being # wrong, out-of-date, or missing. # # Otherwise, if ``False``, use the networkstatus to determine which bridges # should be distributed. # # See https://bugs.torproject.org/9380#comment:39, # https://bugs.torproject.org/11216, and https://bugs.torproject.org/15866. # IGNORE_NETWORKSTATUS = True #---------------- # Output Files \ Where to store created data #------------------------------------------------------------------------------ # # These will get automatically created for you, just specify where they should # go. #------------------------------------------------------------------------------ # Either a file to log to, or None if we should log to the console. LOGFILE = "bridgedb.log" # File in which to write our pid PIDFILE = "bridgedb.pid" # Filename of the database to store persistent info in. DB_FILE = "bridgedist.db" # Filename to log changes to persistent info in. For debugging and bugfixing. DB_LOG_FILE = "bridgedist.log" # Filename where we store our secret HMAC root key. This file and the key # inside are automatically created for you if they do not exist. MASTER_KEY_FILE = "secret_key" # File to which we dump bridge pool assignments for statistics. ASSIGNMENTS_FILE = "assignments.log" # Name of the file that contains BridgeDB's metrics. METRICS_FILE = "bridgedb-metrics.log" #------------------ # Logging Options \ #------------------------------------------------------------------------------ # # Be sure to also see the LOGFILE option above! #------------------------------------------------------------------------------ # One of "DEBUG", "INFO", "WARNING", "ERROR", or "FATAL: LOGLEVEL = "DEBUG" # If true, we scrub all potentially identifying information before we log it SAFELOGGING = True # Logfile rotation settings LOGFILE_COUNT = 5 LOGFILE_ROTATE_SIZE = 10000000 # If True, include thread IDs and numbers in log messages, if available: LOG_THREADS = False # If True, include the module name, function name, and line number of the # calling function where the log message was generated: LOG_TRACE = True # A strftime(3) format string that specifies how to log timestamps: LOG_TIME_FORMAT = "%H:%M:%S" #--------------------------- # Database/Parsing Options \ #------------------------------------------------------------------------------ # # These options change various database transaction and descriptor parsing # behaviours. #------------------------------------------------------------------------------ # (boolean) If True, then collect, sort, and store all timestamps seen for all # bridges. This operation is extremely expensive, and should be disabled when # it is not necessary. COLLECT_TIMESTAMPS = False #------------------------------- # General Distribution Options \ #------------------------------------------------------------------------------ # # These options are not specific to a certain distributor and they may alter # the bridge selection process in certain circumstances. #------------------------------------------------------------------------------ # Filename that contains blocked bridges list. Comment out to disable. #COUNTRY_BLOCK_FILE = "blocked-bridges" # (list of two-character, uppercased strings for country codes) Don't # distribute bridges whose main ORPort IP address is geolocated to any of the # following countries: NO_DISTRIBUTION_COUNTRIES = ['IR', 'SY'] # The path to a file containing the fingerprints of blacklisted bridges and # their reason for being blacklisted. An entry should be in the form: # # FINGERPRINT [SP REASON] # # where REASON is optional and may contain whitespace. # # (See NO_DISTRIBUTION_FINGERPRINTS in the code for how this is used.) NO_DISTRIBUTION_FILE = None # A list of filenames that contain IP addresses (one per line) of proxies. # All IP-based distributors that see an incoming connection from a proxy # will treat them specially. PROXY_LIST_FILES = [] # If possible, always give a certain number of answers with a given ORPort. # This is a list of ``(port, minimum)`` tuples. FORCE_PORTS = [(443, 1)] # If possible, always give a certain number of answers with a given flag. # Both "Running" and "Stable" are supported. # This is a list of (flag,minimum) tuples. FORCE_FLAGS = [("Stable", 1)] # Only consider routers whose purpose matches this string. BRIDGE_PURPOSE = "bridge" # TASKS is a dictionary mapping the names of tasks to a tuple consisting of the # frequency with which they should be run (in seconds) and a boolean value # expressing if the task should be run immediately after start up. If a task's # frequency is set to 0, it will not be scheduled to run. TASKS = { # Download a list of Tor exit relays once every three hours (by running # scripts/get-exit-list) and add those exit relays to the list of proxies # loaded from the PROXY_LIST_FILES: 'GET_TOR_EXIT_LIST': (3 * 60 * 60, True), # Delete *.unparseable descriptor files which are more than 24 hours old: 'DELETE_UNPARSEABLE_DESCRIPTORS': (24 * 60 * 60, False), # Export usage metrics every 24 hours: 'EXPORT_METRICS': (24 * 60 * 60, False), } # SUPPORTED_TRANSPORTS is a dictionary mapping Pluggable Transport methodnames # to booleans. If ``True``, the PT is distributed; if ``False``, it isn't. SUPPORTED_TRANSPORTS = { 'obfs2': False, 'obfs3': False, 'obfs4': True, 'scramblesuit': False, 'fte': False, } # PROBING_RESISTANT_TRANSPORTS is a list of transports that are resistant to # active probing attacks as pioneered by China's GFW. If a bridge supports any # of the following transports, only these transports are distributed, and no # others. Here's why: If we have a bridge that supports both obfs3 and obfs4, # we don't want to hand out its obfs3 line to users because this may get the # bridge probed and its IP address blocked, which also blocks the obfs4 PT. PROBING_RESISTANT_TRANSPORTS = ['scramblesuit', 'obfs4'] # DEFAULT_TRANSPORT is a string. It should be the PT methodname of the # transport which is selected by default (e.g. in the webserver dropdown # menu). DEFAULT_TRANSPORT = 'obfs4' # HTTP headers that suggest that a request was issued by a bot. The CSV # file must have the following format: #
, # ... # For example: # Accept-Language,[Kk]lingon BLACKLISTED_REQUEST_HEADERS_FILE="blacklisted-request-headers.csv" # List of tuples that specify blacklisted tor version ranges. The first # element marks the start of the range and the second element marks the end. # Both the start *and* the end version are blocked too. If you want to block a # single version, have the start and end range be identical. BridgeDB won't # distribute bridges whose version falls within any version ranges. BLACKLISTED_TOR_VERSIONS = [ ('0.3.4', '0.3.4.9'), # See . ('0.3.5', '0.3.5.6') ] # Decoy bridges that we are handing out to bots that we detected using the # regular expressions in BLACKLISTED_REQUEST_HEADERS_FILE. The CSV file must # have the following format: # v, # ... # For example: # vanillav4,1.2.3.4:1234 0123456789ABCDEF0123456789ABCDEF01234567 # vanillav6,[::1]:1234 0123456789ABCDEF0123456789ABCDEF01234567 # obfs4v4,obfs4 1.2.3.4:1234 public-key=... node-id=... iat-mode=... DECOY_BRIDGES_FILE="decoy-bridges.csv" #------------------------------- # Moat Distribution Options \ #------------------------------------------------------------------------------ # # These options configure the behaviour of a web interface which speaks JSON API # to a remote application in order to present said application with the # necessary information for creating a user interface for bridge distribution # mechanism, similar to the web interface of BridgeDB's HTTPS Distributor. If # MOAT_DIST is enabled, make sure that the MOAT_CERT_FILE and MOAT_KEY_FILE # options point to the correct location of your SSL certificate and key! # ------------------------------------------------------------------------------ # (boolean) True to enable distribution via Moat; False otherwise. MOAT_DIST = True # (boolean) True to only allow Moat distribution via a Meek tunnel. False to # only allow Moat distribution via untunneled HTTP(S). MOAT_DIST_VIA_MEEK_ONLY = True # Certificate file and private key for the Moar Distributor. To create a # self-signed cert, run ``scripts/make-ssl-cert`` it will create these files # in your current directory. MOAT_TLS_CERT_FILE="moat-tls.crt" MOAT_TLS_KEY_FILE="moat-tls.pem" # (string) The Fully-Qualified Domain Name (FQDN) of the server that the Moat # and/or HTTPS distributor(s) is/are publicly reachable at. if MOAT_DIST_VIA_MEEK_ONLY: MOAT_SERVER_PUBLIC_ROOT = '/meek/moat' else: MOAT_SERVER_PUBLIC_ROOT = '/moat' # How many bridges do we give back in an answer (either HTTP or HTTPS)? MOAT_BRIDGES_PER_ANSWER = 3 # (list) An ordered list of the preferred transports which moat should # distribute, in order from most preferable to least preferable. MOAT_TRANSPORT_PREFERENCE_LIST = ["obfs4", "vanilla"] # (string or None) The IP address where we listen for HTTPS connections. If # ``None``, listen on the default interface. MOAT_HTTPS_IP = '127.0.0.1' # (integer or None) The port to listen on for incoming HTTPS connections. MOAT_HTTPS_PORT = 6791 # (string or None) The IP address to listen on for unencrypted HTTP # connections. Set to ``None`` to disable unencrypted connections to the web # interface. MOAT_HTTP_IP = None # (integer or None) The port to listen on for incoming HTTP connections. MOAT_HTTP_PORT = None # If true, there is a trusted proxy relaying incoming messages to us: take # the *last* entry from its X-Forwarded-For header as the client's IP. MOAT_USE_IP_FROM_FORWARDED_HEADER = True # If True, there is a misconfigured proxy relaying incoming messages # to us: take the *last* entry in the X-Forwarded-For header which is # not a loopback address (127.0.0.1/8) as the client's IP. MOAT_SKIP_LOOPBACK_ADDRESSES = True # How many clusters do we group IPs in when distributing bridges based on IP? # Note that if PROXY_LIST_FILES is set (below), what we actually do here # is use one higher than the number here, and the extra cluster is used # for answering requests made by IP addresses in the PROXY_LIST_FILES file. MOAT_N_IP_CLUSTERS = 4 # (string or None) The period at which the available bridges rotates to a # separate set of bridges. This setting can be used in the form # # "COUNT PERIOD" where # COUNT is an integer # PERIOD is one of "second", "minute", "hour", "day", # "week", or "month" (or any plural form). # # For example, setting HTTPS_ROTATION_PERIOD = "3 days" will result in the set # of bridges which are available through the web interface (either HTTP or # HTTPS) getting rotated once every three days. Setting this to None disables # rotation entirely. MOAT_ROTATION_PERIOD = "3 hours" # The location of the files which store the HMAC secret key and RSA keypair # (for checking captcha responses): MOAT_GIMP_CAPTCHA_HMAC_KEYFILE = 'moat_captcha_hmac_key' MOAT_GIMP_CAPTCHA_RSA_KEYFILE = 'moat_captcha_rsa_key' #------------------------------- # HTTP(S) Distribution Options \ #------------------------------------------------------------------------------ # # These options configure the behaviour of the web interface bridge # distribution mechanism. If HTTPS_DIST is enabled, make sure that the # HTTPS_CERT_FILE and HTTPS_KEY_FILE options point to the correct location of # your SSL certificate and key! #------------------------------------------------------------------------------ # Certificate file and private key for the HTTPS Distributor. To create a # self-signed cert, run ``scripts/make-ssl-cert`` it will create these files # in your current directory. HTTPS_CERT_FILE="cert" HTTPS_KEY_FILE="privkey.pem" # (string) The Fully-Qualified Domain Name (FQDN) of the server that the HTTP # and/or HTTPS distributor(s) is/are publicly reachable at. SERVER_PUBLIC_FQDN = 'bridges.torproject.org' # (string) The IP address that the HTTP and/or HTTPS distributor(s) is/are # publicly reachable at. This is used for fetching the list of Tor exit # relays which allow exits to this IP. SERVER_PUBLIC_EXTERNAL_IP = '38.229.72.19' # (boolean) True to enable distribution via HTTP or HTTPS; False otherwise. HTTPS_DIST = True # (string or None) The IP address where we listen for HTTPS connections. If # ``None``, listen on the default interface. HTTPS_BIND_IP = '127.0.0.1' # (integer or None) The port to listen on for incoming HTTPS connections. HTTPS_PORT = 6789 # How many bridges do we give back in an answer (either HTTP or HTTPS)? HTTPS_N_BRIDGES_PER_ANSWER = 3 # Should we tell http users about the bridge fingerprints? Turn this on # once we have the vidalia/tor interaction fixed for everbody. HTTPS_INCLUDE_FINGERPRINTS = True # If true, there is a trusted proxy relaying incoming messages to us: take # the *last* entry from its X-Forwarded-For header as the client's IP. HTTPS_USE_IP_FROM_FORWARDED_HEADER = False # How many clusters do we group IPs in when distributing bridges based on IP? # Note that if PROXY_LIST_FILES is set (below), what we actually do here # is use one higher than the number here, and the extra cluster is used # for answering requests made by IP addresses in the PROXY_LIST_FILES file. N_IP_CLUSTERS = 4 # (string or None) The period at which the available bridges rotates to a # separate set of bridges. This setting can be used in the form # # "COUNT PERIOD" where # COUNT is an integer # PERIOD is one of "second", "minute", "hour", "day", # "week", or "month" (or any plural form). # # For example, setting HTTPS_ROTATION_PERIOD = "3 days" will result in the set # of bridges which are available through the web interface (either HTTP or # HTTPS) getting rotated once every three days. Setting this to None disables # rotation entirely. HTTPS_ROTATION_PERIOD = "3 hours" # (string or None) The IP address to listen on for unencrypted HTTP # connections. Set to ``None`` to disable unencrypted connections to the web # interface. HTTP_UNENCRYPTED_BIND_IP = None # (integer or None) The port to listen on for incoming HTTP connections. HTTP_UNENCRYPTED_PORT = None # (boolean) Same as the HTTPS_USE_IP_FROM_FORWARDED_HEADER option, but for # unencrypted connections. HTTP_USE_IP_FROM_FORWARDED_HEADER = False # Options related to recaptcha support. # Enable/Disable recaptcha RECAPTCHA_ENABLED = False # Recaptcha API keys RECAPTCHA_PUB_KEY = '' RECAPTCHA_SEC_KEY = '' # The remoteip we send to reCAPTCHA during verification RECAPTCHA_REMOTEIP = '' # If true, use a local cache of generated CAPTCHAs: GIMP_CAPTCHA_ENABLED = True # The directory for the local CAPTCHA cache: GIMP_CAPTCHA_DIR = 'captchas' # The location of the files which store the HMAC secret key and RSA keypair # (for checking captcha responses): GIMP_CAPTCHA_HMAC_KEYFILE = 'captcha_hmac_key' GIMP_CAPTCHA_RSA_KEYFILE = 'captcha_rsa_key' # Content Security Policy Settings # -------------------------------- # (boolean) If True, enable use of CSP headers. This must be True for any # other CSP-related options to have any effect. # # If enabled, the default Content Security Policy (CSP) is: # # default-src 'none' ; # base-uri FQDN ; # script-src FQDN ; # style-src FQDN ; # img-src FQDN data: ; # font-src FQDN ; # # where "FQDN" is the value of the SERVER_PUBLIC_FQDN config setting. # # If CSP_INCLUDE_SELF is enabled, then "'self'" (literally, the word self # surrounded by single-quotes) will be appended to the value of the # SERVER_PUBLIC_FQDN config setting to create the "FQDN". CSP_ENABLED = True # (boolean) If True (and CSP_ENABLED is also True), then set a "report-only" # Content Security Policy. This means that client agents which run into # problems with or cause violations of our CSP settings will report data # regarding the problems/violations. This report data is then logged (at the # DEBUG level), along with the client's IP address (only if SAFELOGGING is # disabled, otherwise the client's IP address is not reported). CSP_REPORT_ONLY = False # (boolean) If True, then append "'self'" to the "FQDN" in the default CSP # header described above. CSP_INCLUDE_SELF = True #------------------------------- # Email Distribution Options \ #------------------------------------------------------------------------------ # # These options configure the behaviour of the email bridge distribution # mechanism. If EMAIL_DIST is enabled, make sure that the above # HTTPS_CERT_FILE and HTTPS_KEY_FILE options point to the correct location of # your SSL certificate and key! # ------------------------------------------------------------------------------ # True if we are enabling distribution via Email; false otherwise. EMAIL_DIST = True # (string or None) The period at which the available bridges rotates to a # separate set of bridges. This setting can be used in the form # # "COUNT PERIOD" where # COUNT is an integer # PERIOD is one of "second", "minute", "hour", "day", # "week", or "month" (or any plural form). # # For example, setting EMAIL_ROTATION_PERIOD = "3 days" will result in the set # of bridges which are available through the email interface getting rotated # once every three days. Setting this to None disables rotation entirely. EMAIL_ROTATION_PERIOD = "1 day" # What email addresses do we use for outgoing email? # EMAIL_FROM_ADDR goes in the 'From:' header on outgoing emails: EMAIL_FROM_ADDR = "bridges@torproject.org" # EMAIL_SMTP_FROM_ADDR goes in the 'MAIL FROM:' command in outgoing SMTP: EMAIL_SMTP_FROM_ADDR = "bridges@torproject.org" EMAIL_SMTP_HOST = "127.0.0.1" EMAIL_SMTP_PORT = 25 # Reject any RCPT TO lines that aren't to this user. EMAIL_USERNAME = "bridges" # Canonical versions of domains that we will reply to. EMAIL_DOMAINS = ["gmail.com", "riseup.net"] # Map from unofficial domain to canonical domain. EMAIL_DOMAIN_MAP = { "mail.google.com": "gmail.com", "googlemail.com": "gmail.com", "mail.riseup.net": "riseup.net", "fulvetta.riseup.net": "riseup.net", "fruiteater.riseup.net": "riseup.net", "mx1.riseup.net": "riseup.net", } # Map from canonical domain to list of options for that domain. Recognized # options are: # "ignore_dots" -- the service ignores "." characters in email addresses. # "dkim" -- if there is not a X-DKIM-Authentication-Result header # with the value "pass", then drop the message. # # Note that unrecognized options are ignored; be sure to spell them right! EMAIL_DOMAIN_RULES = { 'gmail.com': ["ignore_dots", "dkim"], 'riseup.net': ["ignore_dots", "dkim"], } # A mapping of whitelisted email addresses to GnuPG key fingerprints: EMAIL_WHITELIST = {} # A list of blacklisted email addresses: EMAIL_BLACKLIST = [] # An integer. This number will be used to calculate the Levenshtein String # Distance between the 'From:' email address on an incoming client request and # each of the blacklisted email addresses above. If the calculated distance is # equal or less than the number below, the address is assumed to be related to # one of the above blacklisted spammers. Basically, this allows for fuzzy # matching the blacklisted email addresses. Decreasing this number will allow # more email requests through; increasing will mean that a stricter match to # one of the blacklisted addresses is required before the address is blocked. # Set to `0` to disable. EMAIL_FUZZY_MATCH = 4 # If there are any IPs in this list, only allow incoming connections from # those IPs. EMAIL_RESTRICT_IPS = [] # IP and port to listen on for email connections. Debugging only. EMAIL_BIND_IP = "127.0.0.1" EMAIL_PORT = 6725 # How many bridges do we give back in an answer? EMAIL_N_BRIDGES_PER_ANSWER = 3 # Should we tell http users about the bridge fingerprints? Turn this on # once we have the vidalia/tor interaction fixed for everbody. EMAIL_INCLUDE_FINGERPRINTS = True #------------------------------- # Hashring Allocation Options \ #------------------------------------------------------------------------------ # # These options determine the proportions of bridges per hashring. When # BridgeDB receives a descriptor for a new bridge, that bridge is assigned to # a hashring. For example, if ``HTTPS_DIST`` and ``EMAIL_DIST`` are both # enabled, there is a hashring for bridges allocated to the HTTP(S) # Distributor, and another for the Email Distributor. In addition, an # "Unallocated" hashring is always created, in order to reserve some portion # of bridges for manual distribution, or as backup in the case of a major # blocking event. Once a bridge is assigned to one of these allocation groups, # it stays there; there is currently no mechanism for changing a bridge's # hashring allocation. # # Once a bridge is assigned to either of the first two groups, it stays there # persistently. The bridges are allocated to these groups in a proportion of # # ``MOAT_SHARE`` : ``HTTPS_SHARE`` : ``EMAIL_SHARE`` : ``RESERVED_SHARE`` # ------------------------------------------------------------------------------ # The proportion of bridges to allocate to Moat distribution. MOAT_SHARE = 20 # The proportion of bridges to allocate to HTTP distribution. HTTPS_SHARE = 10 # The proportion of bridges to allocate to Email distribution. EMAIL_SHARE = 2 # An integer specifying the proportion of bridges which should remain # unallocated, for backup usage and manual distribution. RESERVED_SHARE = 2