[tor-bugs] #9186 [Website]: Document how to report security vulnerabilities

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jul 1 10:51:38 UTC 2013

#9186: Document how to report security vulnerabilities
 Reporter:  lunar    |          Owner:     
     Type:  defect   |         Status:  new
 Priority:  normal   |      Milestone:     
Component:  Website  |        Version:     
 Keywords:           |         Parent:     
   Points:           |   Actualpoints:     

Comment(by lunar):

 Quick summary of a following IRC conversation: ''the past approach has
 been for people to gpg-encrypt their mail to one of me, nickm, ioerror, or
 whoever else they think is the sole member of the tor project'' (arma).
 That could be documented right now.

 But ''that's not a great approach. i guess another option is for us to
 create a tor-security gpg key and share it across said people'' (arma),
 ''so we could call it tor-security at tp.o'' (arma), ''who's "we"?'', ''you,
 me, athena, mikeperry, and somebody?'' (nickm), ''works for me'' (arma).
 But ''it needs to not be a 'cool kids club'' (arma) and an explicit set of
 critera might be better.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9186#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list