Thus spake sigi (tornode@xxxxxxxx): > Sorry, but at this point, I'm really asking myself, how I can trust > the concept of the torproject anymore? Some time ago, the users were > warned about the use of Torbutton with Firefox >3.6 - now the torproject > recommends to use their TorBrowserBundle - but it has automatic updates > for the browser included and some DigiNotar certificates? You are misunderstanding the situation. See other replies. Please bear with us. The DigiNotar fiasco forced us to release the Firefox 6-based TBBs as "stable" at least 2 weeks early (if not a full month), because we were unable to do source modifications to Firefox 3.6 on Windows to properly deal with the certificate updates and the initial "Dutch exemption". We would appreciate it if you tried to help us by diagnosing bugs and issues rather than calling our integrity into question over bugs that slipped in during a very high pressure situation. > I'm confused. And I'd like some clarification here. Possibly I should > switch back to my own browser-profile with torbutton? Is it as safe to > use the Torbrowserbundle, as it was one year ago to use tor with your > own browser with Torbutton? Is there any improvement? We hope to better answer these questions in a Tor Browser Bundle design document. Just one of the many other items that were supposed to go into a new "stable" release that got pushed aside due to recent events: https://trac.torproject.org/projects/tor/ticket/3812 -- Mike Perry Mad Computer Scientist fscked.org evil labs
Attachment:
pgp8sKEWdixjZ.pgp
Description: PGP signature
_______________________________________________ tor-talk mailing list tor-talk@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk