[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] prop224: What should we do with torrc options?



On 11/23/2016 07:04 PM, Yawning Angel wrote:
> Our fix: "Add another command, that does essentially the same thing,
> because people picked the wrong options, then later deal with the
> fallout from people getting used to the temporary command, and crying
> when it's deprecated."
> 
> I say "they should fix their code".

This issue with incorrect implementations reminds me of the
compatibility issues that cause issues with new SSL/TLS standards. These
implementations led to compatibility workarounds that introduced
security issues that had to be eventually fixed by TLS_FALLBACK_SCSV.

It's not our problem if their code breaks because they made incorrect
assumptions regarding the standard. The polite thing would be to submit
a patch so that Bitcoin nodes can update before we make the change.

--
Jesse

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev