[liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud
Jacob Appelbaum
jacob at appelbaum.net
Tue Aug 6 02:55:25 PDT 2013
Nadim Kobeissi:
>
> On 2013-08-06, at 11:46 AM, Al Billings <albill at openbuddha.com>
> wrote:
>
>> Nadim you seem confused by how this works. Tor doesn't need to
>> issue advisories for Firefox issues. We, at Mozilla, already issue
>> them. Perhaps they can link to them clearly but if you want to know
>> about security issues Mozilla fixes in Firefox, you're best served
>> by reading Mozilla advisories. There's not much point in
>> duplicating them on a second site. Tor would be better served by
>> writing advisories for its own, unique, security fixes.
>
> Tor doesn't need to issue advisories for Firefox issues. Tor needs to
> issue advisories for Tor Browser issues, and not five weeks later
> when s**t hits the fan. I really don't think one can reasonably
> disagree with the above statement. Tor Browser is a Firefox fork.
Should we issue a single advisory for each possible security issue that
Firefox has already noted in their change log? Each confirmed security
issue? Should we ask for a second CVE to cover each CVE they receive?
Your point is unclear in practice. Please do spell it out and if
possible, please demonstrate how you do so in your own projects?
All the best,
Jacob
More information about the liberationtech
mailing list