[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #13966 [Tor]: Publish guidelines for reporting exploits

Subject: Re: [tor-bugs] #13966 [Tor]: Publish guidelines for reporting exploits
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Mon, 15 Dec 2014 20:43:51 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 15 Dec 2014 15:44:02 -0500
In-reply-to: <047.2e81e545c40a61d140ae84322dfee7fd@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <047.2e81e545c40a61d140ae84322dfee7fd@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#13966: Publish guidelines for reporting exploits
-------------------------+-------------------------------------------------
     Reporter:  michael  |      Owner:
         Type:  task     |     Status:  new
     Priority:  normal   |  Milestone:
    Component:  Tor      |    Version:
   Resolution:           |   Keywords:  Exploit, security, response,
Actual Points:           |  documentation, wiki
       Points:           |  Parent ID:
-------------------------+-------------------------------------------------

Comment (by michael):

 Replying to [comment:1 nickm]:
 > On the short term: if this is the position you're in now, find the name
 of the person who is maintaining that component, find their PGP key, and
 send them an encrypted email. And do it again if you haven't heard back
 from them in a day or two.
 >
 Right, and [https://www.torproject.org/about/corepeople.html Core Tor
 People] is a good place to start.
 [[BR]]
 > Longer-term: Yes, we should document this!  And maybe even have an alias
 and key for the purpose.
 >
 About whether to assign an alias or real person, it might be useful
 examining the FreeBSD project's [http://www.freebsd.org/security/ security
 policies]. Rather than reinventing the wheel, that is.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13966#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #13966 [Tor]: Publish guidelines for reporting exploits
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #11309 [Tor Support]: Improve how support statistics are reported
Next by Author: [tor-bugs] #13967 [- Select a component]: my client say me
Previous by thread: Re: [tor-bugs] #13966 [Tor]: Publish guidelines for reporting exploits
Next by thread: Re: [tor-bugs] #11309 [Tor Support]: Improve how support statistics are reported
Index(es):
- Author
- Thread