[tor-bugs] #13966 [Tor]: Publish guidelines for reporting exploits
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Dec 15 20:43:51 UTC 2014
#13966: Publish guidelines for reporting exploits
-------------------------+-------------------------------------------------
Reporter: michael | Owner:
Type: task | Status: new
Priority: normal | Milestone:
Component: Tor | Version:
Resolution: | Keywords: Exploit, security, response,
Actual Points: | documentation, wiki
Points: | Parent ID:
-------------------------+-------------------------------------------------
Comment (by michael):
Replying to [comment:1 nickm]:
> On the short term: if this is the position you're in now, find the name
of the person who is maintaining that component, find their PGP key, and
send them an encrypted email. And do it again if you haven't heard back
from them in a day or two.
>
Right, and [https://www.torproject.org/about/corepeople.html Core Tor
People] is a good place to start.
[[BR]]
> Longer-term: Yes, we should document this! And maybe even have an alias
and key for the purpose.
>
About whether to assign an alias or real person, it might be useful
examining the FreeBSD project's [http://www.freebsd.org/security/ security
policies]. Rather than reinventing the wheel, that is.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13966#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list