[tor-bugs] #9186 [Website]: Document how to report security vulnerabilities
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Jul 1 10:51:38 UTC 2013
#9186: Document how to report security vulnerabilities
---------------------+------------------------------------------------------
Reporter: lunar | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: Website | Version:
Keywords: | Parent:
Points: | Actualpoints:
---------------------+------------------------------------------------------
Comment(by lunar):
Quick summary of a following IRC conversation: ''the past approach has
been for people to gpg-encrypt their mail to one of me, nickm, ioerror, or
whoever else they think is the sole member of the tor project'' (arma).
That could be documented right now.
But ''that's not a great approach. i guess another option is for us to
create a tor-security gpg key and share it across said people'' (arma),
''so we could call it tor-security at tp.o'' (arma), ''who's "we"?'', ''you,
me, athena, mikeperry, and somebody?'' (nickm), ''works for me'' (arma).
But ''it needs to not be a 'cool kids club'' (arma) and an explicit set of
critera might be better.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9186#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list