Re: [tor-bugs] #7085 [Tor bundles/installation]: Integrate Cryptocat Browser Extension into Tor Browser Bundle
#7085: Integrate Cryptocat Browser Extension into Tor Browser Bundle
--------------------------------------+-------------------------------------
Reporter: kaepora | Owner: erinn
Type: enhancement | Status: new
Priority: normal | Milestone: TorBrowserBundle 2.2.x-stable
Component: Tor bundles/installation | Version: Tor: unspecified
Keywords: | Parent:
Points: | Actualpoints:
--------------------------------------+-------------------------------------
Comment(by kaepora):
Replying to [comment:37 cypherpunks]:
I was totally waiting for this to happen and am not surprised. It wouldn't
be the first time I've seen this kind of rhetoric from someone who works
at Tor.
> Nadim has been doing a great job for a person whose *first* serious
> software project is a secure in-browser chat framework, but he is not
> superman and his code stinks of inexperience. I just hope that the project
> itself was a bit more low-key and not used by thousands of activists every
> day.
First off, I think it's totally unbefitting of volunteers of a project
such as Tor to attack this discussion on a personal level. Cryptocat is
not developed just by me, it's developed hand in hand with a handful of
volunteers who work hard. And more importantly: If you have a problem with
the code, then ''point at specific examples in the code and submit bug
reports. ''Spreading this kind of FUD by attacking me personally and
ignoring the tremendous amount of volunteers and professional auditing
we've got on board and avoiding an actual review of our code is simply
counterproductive, unprofessional and demonstrates bad faith. I will not
accept it.
> Seems like he got an audit from Mario Heiderich, and they found
> shitloads of issues in his code; that's not very promising. I just hope
> that the audit he got is not only followed by a series of bugfix commits,
> but also by a series of architecture changes that will not allow such
> issues in the future.
Please read through this discussion - you will see that I have not only
linked to the [https://blog.crypto.cat/2012/11/security-update-a-follow-up/ blog post]
in which we discuss fixes to every issue pointed out in
Mario's audit, but also to the
[https://blog.crypto.cat/2013/02/cryptocat-passes-security-audit-with-flying-colors/ more recent blog post published
earlier this week] regarding our second audit by Veracode which detected
no vulnerabilities and gave Cryptocat a quality score of 100/100. These
official audits aside, Cryptocat has had more than a pair of eyes look
through the code, and we are as realistic and transparent as we can be
about our development process. With this in mind, I'm surprised that you
write as if the problems from our first audit are still not addressed.
I have been '''very '''thankful towards Mike Perry for breaking the
stereotype I've had of many hackers in the Internet freedom scene who
behave just like this. Mike has been willing to judge Cryptocat at face
value instead of responding with this level of crassness and
unprofessionalism. Even though it took four months to convince him to even
''start'' to test Cryptocat in TBB, I am very pleased with how long it
took because it involved a sincere, honest and productive discussion.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7085#comment:38>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs