[liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud
Andy Isaacson
adi at hexapodia.org
Mon Aug 5 16:34:27 PDT 2013
On Tue, Aug 06, 2013 at 12:09:48AM +0200, Griffin Boyce wrote:
> We may have to disagree as to the way forward. I hate to be
> contentious, but it seems unlikely that Tor applied a patch without
> reading firefox's changelog.
I'm still not clear on what you want Tor to have done. Should they do a
RED FLASHING LETTERS blog post every time a security-critical bug gets
fixed in a new release? News flash, there are security-critical bugs
fixed in *every* release. Many of them aren't even *identified* as
security-critical bugs when they're fixed.
Users *have* to be up to date if they are going to try to do things in
this threat landscape. (Of course updates introduce their *own* can of
security worms, but far better to kill off the bugs we *know* are being
exploited than to worry overmuch about APTs burning backdoored
developers slipping malware into our reproducibly built cryptographically
hashed auditable source trail DVCS managed applications.)
-andy
More information about the liberationtech
mailing list