[tor-talk] Automatic vulnerability scanning of Tor Network?

Lee ler762 at gmail.com
Tue Dec 20 22:20:27 UTC 2011

On 12/20/11, Nick Mathewson <nickm at alum.mit.edu> wrote:
> On Tue, Dec 20, 2011 at 1:35 PM, Fabio Pietrosanti (naif)
> <lists at infosecurity.ch> wrote:
>>> Absolutely brilliant.  Someone donates to your cause and, if they
>>> don't come up to your standards, you do your best to ensure they get
>>> pwned instead of just dropping them from the donor list.
>> If you want to participate to the Tor Network you must responsible, that
>> means also keeping your system secure.
> When I read Lee's above paragraph, I worry Lee might have gotten the
> idea that Fabio is speaking for Tor in some official capacity.  So:
> Please be aware that Fabio is speaking for himself, and does not speak
> on behalf of the Tor Project.

Thank you.  I haven't been keeping up with Tor & don't know who is
part of the team vs. invidudual contributor any more.

> For my own part, I am perfectly fine with the idea of working *with*
> server operators to help them secure their systems, and with making
> sure that only secure systems are on the network.

Which I would agree is a desirable goal.  As long as it's "working
with" instead of "dictating to."

>  But efforts in this
> area need to work with the foreknowledge and consent of node
> operators, and not alienate our volunteer community.  Also, the
> appropriate response to horribly insecure servers on the network would
> be to inform the operators and de-list the servers if they didn't get
> fixed--not to publicly post them but leave them on the network.  That
> would be the worst of all worlds.



More information about the tor-talk mailing list