[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] is it me or did tor talk get really quiet?

tortalk@xxxxxxxx wrote:
It depends on what you want to read. If you want some scary rants
about Tor and 0 days you might want to read:

"Bug that hit Firefox and Tor browsers was hard to spot now we know why"

His bug was interesting in a few ways. For one, it appeared weeks after he claimed to have it. Perhaps most surprising was that senior engineers needed to walk him through the problem he was interested in reporting (by Erinn Atwater & Ryan Duff [2]) before he could articulate it in any meaningful way. His insistence that it was a Tor-exclusive bug also cost him a bug bounty from Mozilla (their chart would appear to indicate $10k+ for a bug like that).

It's also worth noting that Tor released a patch the same day the bug was finally reported. Rotor Browser (jmprcx/movrcx's project) hasn't patched the issue [1], even though Mozilla and Tor both did.

or you follow this discussion.
"Take back community channels...High-level report-out notes from Roger"

That discussion happened in Feb/March of this year as part of the Winter meeting. The upcoming Seattle meeting is the Summer meeting (I know, I know). The link above shows the outcome of the discussion -- hence "report-out".

[2] https://twitter.com/errorinn/status/778012774416777216
[1] https://github.com/IndependentOnion/rotor-browser

Accept what you cannot change, and change what you cannot accept.
PGP: 0x03cf4a0ab3c79a63
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to