[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Automatic vulnerability scanning of Tor Network?



On 12/20/11, Nick Mathewson <nickm@xxxxxxxxxxxx> wrote:
> On Tue, Dec 20, 2011 at 1:35 PM, Fabio Pietrosanti (naif)
> <lists@xxxxxxxxxxxxxxx> wrote:
>
>>> Absolutely brilliant.  Someone donates to your cause and, if they
>>> don't come up to your standards, you do your best to ensure they get
>>> pwned instead of just dropping them from the donor list.
>>
>> If you want to participate to the Tor Network you must responsible, that
>> means also keeping your system secure.
>
> When I read Lee's above paragraph, I worry Lee might have gotten the
> idea that Fabio is speaking for Tor in some official capacity.  So:
> Please be aware that Fabio is speaking for himself, and does not speak
> on behalf of the Tor Project.

Thank you.  I haven't been keeping up with Tor & don't know who is
part of the team vs. invidudual contributor any more.

> For my own part, I am perfectly fine with the idea of working *with*
> server operators to help them secure their systems, and with making
> sure that only secure systems are on the network.

Which I would agree is a desirable goal.  As long as it's "working
with" instead of "dictating to."

>  But efforts in this
> area need to work with the foreknowledge and consent of node
> operators, and not alienate our volunteer community.  Also, the
> appropriate response to horribly insecure servers on the network would
> be to inform the operators and de-list the servers if they didn't get
> fixed--not to publicly post them but leave them on the network.  That
> would be the worst of all worlds.

+1

Lee
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk