[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] BBC: NSA and GCHQ agents 'leak Tor bugs', alleges developer



On 14-08-30 07:31 AM, Patrick Schleizer wrote:
> Cypher:
>> On 08/24/2014 09:43 PM, Michael Wolf wrote:
>> The article was very interesting - except the part about 'here's how you
>> might want to fix this'. I certainly hope that the Tor project /is not/
>> accepting patches submitted by NSA or GCHQ! Sure, I realize those
>> agencies could very easily embed someone within the project (in fact,
>> don't a few of the Tor project folks work in intel?) but developing a
>> trusting relationship by accepting patches just seems like a bad idea to me.
> 
> How would they know the patches are made by someone paid by NSA or GCHQ?
> If they reject patches with the reason "made by NSA or GCHQ", I would
> assume that they will create a number of fake identities [if they don't
> already have them in abundance] and submit patches using fake identities
> by then.

There are several pseudonymous development sponsors (named only by
single letters).  Any of them could be GCHQ or NSA or one of their front
agencies.
It doesnt matter - all of the code remains open source and the
developers have their own public reputation to maintain.

It is counter-productuve to complain about contributors' backgrounds.
Instead, concerned people could put efforts into forming an independent,
funded group to audit the code and find/fix problems.  Everything i've
heard from Tor Project indicates to me they would welcome that sort of
contribution.

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk