[tor-bugs] #32896 [Applications/Tor Browser]: Keep track of security updates to parts of Tor Browser
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jan 8 11:45:52 UTC 2020
#32896: Keep track of security updates to parts of Tor Browser
------------------------------------------+--------------------------
Reporter: gk | Owner: tbb-team
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Keywords: tbb-security
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------------------+--------------------------
Tor Browser is actually bundle containing a bunch of software pieces like
Firefox, Tor, NoScript, OpenSSL. For some of those pieces (like Firefox,
Tor, NoScript) there is a way to keep track of security issues and their
fixes, be it due to code inspection and notification or, kind of, due to
automatic updates as in the NoScript case. But that does not hold for
every piece of the bundle.
We should two things to have at least a better overview about potential
security issues we want to fix:
a) We need to come up with all the parts of the bundle parts we think we
should track for security issues.
b) We need to actually track those pieces.
Mozilla had a [https://github.com/mozilla-services/third-party-library-
alert third-party library alert] tjr worked on a while back, which we
might be able to look at for help.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32896>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list