[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #9186 [Website]: Document how to report security vulnerabilities

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #9186 [Website]: Document how to report security vulnerabilities
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Mon, 01 Jul 2013 10:51:38 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 01 Jul 2013 06:51:50 -0400
In-reply-to: <045.3d308989a0482bcbb714e1cdb0e3d8d0@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <045.3d308989a0482bcbb714e1cdb0e3d8d0@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#9186: Document how to report security vulnerabilities
---------------------+------------------------------------------------------
 Reporter:  lunar    |          Owner:     
     Type:  defect   |         Status:  new
 Priority:  normal   |      Milestone:     
Component:  Website  |        Version:     
 Keywords:           |         Parent:     
   Points:           |   Actualpoints:     
---------------------+------------------------------------------------------

Comment(by lunar):

 Quick summary of a following IRC conversation: ''the past approach has
 been for people to gpg-encrypt their mail to one of me, nickm, ioerror, or
 whoever else they think is the sole member of the tor project'' (arma).
 That could be documented right now.

 But ''that's not a great approach. i guess another option is for us to
 create a tor-security gpg key and share it across said people'' (arma),
 ''so we could call it tor-security@xxxx'' (arma), ''who's "we"?'', ''you,
 me, athena, mikeperry, and somebody?'' (nickm), ''works for me'' (arma).
 But ''it needs to not be a 'cool kids club'' (arma) and an explicit set of
 critera might be better.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9186#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #9186 [Website]: Document how to report security vulnerabilities
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #9169 [Tor bundles/installation]: Start for Tor Browser.exe starts then quits
Next by Author: Re: [tor-bugs] #9022 [Pluggable transport]: Create an XMPP pluggable transport
Previous by thread: [tor-bugs] #9186 [Website]: Document how to report security vulnerabilities
Next by thread: Re: [tor-bugs] #9186 [Website]: Document how to report security vulnerabilities
Index(es):
- Author
- Thread