[tor-talk] Automatic vulnerability scanning of Tor Network?
ler762 at gmail.com
Tue Dec 20 22:20:27 UTC 2011
On 12/20/11, Nick Mathewson <nickm at alum.mit.edu> wrote:
> On Tue, Dec 20, 2011 at 1:35 PM, Fabio Pietrosanti (naif)
> <lists at infosecurity.ch> wrote:
>>> Absolutely brilliant. Someone donates to your cause and, if they
>>> don't come up to your standards, you do your best to ensure they get
>>> pwned instead of just dropping them from the donor list.
>> If you want to participate to the Tor Network you must responsible, that
>> means also keeping your system secure.
> When I read Lee's above paragraph, I worry Lee might have gotten the
> idea that Fabio is speaking for Tor in some official capacity. So:
> Please be aware that Fabio is speaking for himself, and does not speak
> on behalf of the Tor Project.
Thank you. I haven't been keeping up with Tor & don't know who is
part of the team vs. invidudual contributor any more.
> For my own part, I am perfectly fine with the idea of working *with*
> server operators to help them secure their systems, and with making
> sure that only secure systems are on the network.
Which I would agree is a desirable goal. As long as it's "working
with" instead of "dictating to."
> But efforts in this
> area need to work with the foreknowledge and consent of node
> operators, and not alienate our volunteer community. Also, the
> appropriate response to horribly insecure servers on the network would
> be to inform the operators and de-list the servers if they didn't get
> fixed--not to publicly post them but leave them on the network. That
> would be the worst of all worlds.
More information about the tor-talk