[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Responsible disclosure

To: "tor-dev@xxxxxxxxxxxxxxxxxxxx" <tor-dev@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: [tor-dev] Responsible disclosure
From: Damian Johnson <atagar@xxxxxxxxxxxxxx>
Date: Thu, 18 Sep 2014 14:05:52 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 18 Sep 2014 17:06:03 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:content-type; bh=mYGS02oWG1CcKUH/R1RRvv53Yj3akrjjRBwX3yWsfiI=; b=DXJU+Bi+fkPcCcHUS5zaSoCRtbg2kV8sDBTZaGrnYMM3Uc1v8cI8HVf8EI9gXvXKv7 sEo+KIiy+3Ql1GTdcxmdKYPyVdbtWfNrWHwlsfHBoZ4GTe/3K8gv/v4rz/jSnLRd3Pn+ 0pmbnLSC6H3s4MN7mryBc0lhAZHooXWi4BtQCdq9VSEbvmKGF7IFIQ7WLN1qmvM7BTZj oUJROtlQDEY0qNUxYnTEqBeX4xRwY3qin64M9wjNbqr6E4A8Qilf1tckJgqNrlZl+/pF HI9qiUodhYsXvwAKltmYO89dfTazshBhh92zI3h3nY+iRhjSOCb/rM9QKHGBVouHOXh7 VamQ==
In-reply-to: <20140918205944.GA29684@xxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <20140918205944.GA29684@xxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

Hi Bram. If it's security related then we have...

https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-security

... which is a closed list soly subsribed to by Nick and a few others.
That said though we set that list up years ago for this purpose and
I'm not spotting it advertised anywhere, so might no longer be the
best point of contact. Nick can advise.

Cheers! -Damian


On Thu, Sep 18, 2014 at 1:59 PM, Bram de Boer <bram@xxxxxxxxx> wrote:
> Hi,
>
> How can I responsibly report a bug that might affect security (e.g. possibility to DoS Tor nodes)? I searched the torproject.org website, but couldn't find any pointers with respect to responsible disclosure.
>
> Do I just file a trac ticket and/or drop it in this mailinglist? Do I report it directly to some of the key players in this project (Roger, Nick, etc.)?
>
> Thanks,
> Bram
>
> _______________________________________________
> tor-dev mailing list
> tor-dev@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] Responsible disclosure
  - From: SiNA Rabbani

References:
- [tor-dev] Responsible disclosure
  - From: Bram de Boer

Prev by Author: Re: [tor-dev] Guardiness: Yet another external dirauth script
Next by Author: [tor-dev] Damian's Status Report - September 2014
Previous by thread: [tor-dev] Responsible disclosure
Next by thread: Re: [tor-dev] Responsible disclosure
Index(es):
- Author
- Thread