[liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud
Griffin Boyce
griffinboyce at gmail.com
Mon Aug 5 12:55:43 PDT 2013
Bernard Tyers - ei8fdb <ei8fdb at ei8fdb.org> wrote:
> By what Roger Dingledine from Tor has stated in a previous mail, The Tor
> Project provided the "you need to upgrade message" promptly. I don't know
> if that is enough. (But it is certainly a lot more that other providers of
> software would do.)
>
I can really only speak for me, but I think that a larger part is "what
constitutes full disclosure?" Is it a broad advisory? Is it a blog post? Is
it tweets? What constitutes a bug big enough to warrant that type of
announcement? Every software project has to come up with answers to these
questions. FWIW, I keep up with Tor news far more than an average user, and
still did not know about this vuln until a couple of days ago.
I would like to see Tor broadcasting recent
vulnerabilities/issues/enhancements on the check.torproject.org page.
Ironically (or not) Nadim and I had already been working on a different
TorCheck page when this news came out.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130805/9f91ecb6/attachment.html>
More information about the liberationtech
mailing list