[tor-bugs] #10498 [Tor bundles/installation]: Noscript. Path of trust.

["Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>]

#10498: Noscript. Path of trust.
--------------------------------------+-----------------------
 Reporter:  cypherpunks               |          Owner:  erinn
     Type:  task                      |         Status:  new
 Priority:  normal                    |      Milestone:
Component:  Tor bundles/installation  |        Version:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
--------------------------------------+-----------------------
 Noscript is Firefox extension, known for years security tool and simplest
 way to stop stuff. Author of Noscript never used
 [http://forums.informaction.com/viewtopic.php?p=10981#p10981 public
 repository] for demonstrating development progress, all known code was
 available as standalone archive or file from [https://addons.mozilla.org/
 AMO]. However, author used to sign components of archive
 [http://hackademix.net/2013/07/20/noscript-and-flashgot-unsigned/ before
 2.6.6.9 version]. All we have now to try guess files wasn't modified on a
 way, and still chance to recreate history of development by hands or by
 3rd party [https://github.com/avian2/noscript repository for versions
 difference]

 TBB takes Noscript from servers of AMO during building and run-time addon
 updates. Do we trust them so much?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10498>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs