[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Unsigned Mac OS X binary for TorBrowser

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Unsigned Mac OS X binary for TorBrowser
From: Greg Norcie <greg@xxxxxxxxxx>
Date: Fri, 09 Nov 2012 19:07:01 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 09 Nov 2012 19:07:13 -0500
Dkim-signature: v=1; a=rsa-sha1; c=relaxed; d=norcie.com; h=message-id :date:from:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; s=norcie.com; bh=v+hwwx RLj7VvGd9pfzePQjva/dM=; b=jczs3EfZbltTEhKMFD7T8q1bAwXlUC3sVawhkB JyxjarE7gR5bd8WAT1jtnI3ZKYeGEI/w3x/F/ShZBpU45AFynHht2gO6Ldr1qIma CZEyYXcCwj1nxCm1NcHFc1aTwDAVYM5abD/2m8VrFtX1GDx7emU4z/6Ec0MvdwJa Nm52M=
In-reply-to: <20121109232500.GL15647@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <354F4542-BE2D-4680-B4D3-4CBDA94FD243@xxxxxxxxxx> <20121109232500.GL15647@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:16.0) Gecko/20121026 Thunderbird/16.0.2

I guess it comes down to risk calculus:

Which has a worse outcome: training users to ignore security warning
from OSX, or the chilling effects an Apple NDA could have on the project.

(I don't pretend to know the answer myself.)

--
Greg Norcie (greg@xxxxxxxxxx)
GPG key: 0x1B873635

On 11/9/12 6:25 PM, Roger Dingledine wrote:
> On Fri, Nov 09, 2012 at 06:05:58PM -0500, Matthew Fisch wrote:
>> TorProject should be registered as an Apple software developer, and the
>> binary should be signed, both to increase credibility of the torproject
>> and the safety of users.
> 
> I agree with you about the 'safety of users' side. But I'm not so clear
> on the 'credibility' side. Last I checked, to become an official Apple
> developer, they required you to sign an NDA *in order to see the agreement
> they would then ask you to sign*.
> 
> We at Tor aren't big on signing blanket broad NDAs with large
> corporations, so you can see why we'd be hesitating (to put it nicely). I
> imagine we're not the only ones.
> 
> --Roger
> 
> _______________________________________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> 
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Unsigned Mac OS X binary for TorBrowser
  - From: Jacob Appelbaum

References:
- [tor-talk] Unsigned Mac OS X binary for TorBrowser
  - From: Matthew Fisch
- Re: [tor-talk] Unsigned Mac OS X binary for TorBrowser
  - From: Roger Dingledine

Prev by Author: Re: [tor-talk] check.torproject.org
Next by Author: Re: [tor-talk] misconfigured mailing list (mailman software) for torproject discloses passwords in plaintext (stores too?)
Previous by thread: Re: [tor-talk] Unsigned Mac OS X binary for TorBrowser
Next by thread: Re: [tor-talk] Unsigned Mac OS X binary for TorBrowser
Index(es):
- Author
- Thread