[tor-bugs] #7085 [Tor bundles/installation]: Integrate Cryptocat Browser Extension into Tor Browser Bundle

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Feb 14 19:17:20 UTC 2013


#7085: Integrate Cryptocat Browser Extension into Tor Browser Bundle
--------------------------------------+-------------------------------------
 Reporter:  kaepora                   |          Owner:  erinn                        
     Type:  enhancement               |         Status:  new                          
 Priority:  normal                    |      Milestone:  TorBrowserBundle 2.2.x-stable
Component:  Tor bundles/installation  |        Version:  Tor: unspecified             
 Keywords:                            |         Parent:                               
   Points:                            |   Actualpoints:                               
--------------------------------------+-------------------------------------

Comment(by kaepora):

 Replying to [comment:37 cypherpunks]:

 I was totally waiting for this to happen and am not surprised. It wouldn't
 be the first time I've seen this kind of rhetoric from someone who works
 at Tor.

 > Nadim has been doing a great job for a person whose *first* serious
 > software project is a secure in-browser chat framework, but he is not
 > superman and his code stinks of inexperience. I just hope that the project
 > itself was a bit more low-key and not used by thousands of activists every
 > day.

 First off, I think it's totally unbefitting of volunteers of a project
 such as Tor to attack this discussion on a personal level. Cryptocat is
 not developed just by me, it's developed hand in hand with a handful of
 volunteers who work hard. And more importantly: If you have a problem with
 the code, then ''point at specific examples in the code and submit bug
 reports.'' Spreading this kind of FUD by attacking me personally and
 ignoring the tremendous amount of volunteers and professional auditing
 we've got on board and avoiding an actual review of our code is simply
 counterproductive, unprofessional and demonstrates bad faith. I will not
 accept it.

 > Seems like he got an audit from Mario Heiderich, and they found
 > shitloads of issues in his code; that's not very promising. I just hope
 > that the audit he got is not only followed by a series of bugfix commits,
 > but also by a series of architecture changes that will not allow such
 > issues in the future.

 Please read through this discussion — you will see that I have not only
 linked to the
 [https://blog.crypto.cat/2012/11/security-update-a-follow-up/ blog post]
 in which we discuss fixes to every issue pointed out in Mario's audit,
 but also to the
 [https://blog.crypto.cat/2013/02/cryptocat-passes-security-audit-with-flying-colors/ more recent blog post published earlier this week]
 regarding our second audit by Veracode which detected
 no vulnerabilities and gave Cryptocat a quality score of 100/100. These
 official audits aside, Cryptocat has had more than a pair of eyes look
 through the code, and we are as realistic and transparent as we can be
 about our development process. With this in mind, I'm surprised that you
 write as if the problems from our first audit are still not addressed.

 I have been '''very''' thankful towards Mike Perry for breaking the
 stereotype I've had of many hackers in the Internet freedom scene who
 behave just like this. Mike has been willing to judge Cryptocat at face
 value instead of responding with this level of crassness and
 unprofessionalism. Even though it took four months to convince him to even
 ''start'' to test Cryptocat in TBB, I am very pleased with how long it
 took because it involved a sincere, honest and productive discussion.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7085#comment:38>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

