[tor-dev] prop224: What should we do with torrc options?
kernelcorn at torproject.org
Thu Nov 24 00:24:59 UTC 2016
On 11/23/2016 07:04 PM, Yawning Angel wrote:
> Our fix: "Add another command, that does essentially the same thing,
> because people picked the wrong options, then later deal with the
> fallout from people getting used to the temporary command, and crying
> when it's deprecated."
> I say "they should fix their code".
This issue with incorrect implementations reminds me of the
compatibility issues that cause issues with new SSL/TLS standards. These
implementations led to compatibility workarounds that introduced
security issues that had to be eventually fixed by TLS_FALLBACK_SCSV.
It's not our problem if their code breaks because they made incorrect
assumptions regarding the standard. The polite thing would be to submit
a patch so that Bitcoin nodes can update before we make the change.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 720 bytes
Desc: OpenPGP digital signature
More information about the tor-dev