[liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

Tue Aug 6 09:58:05 PDT 2013

Al, I'm not a developer, so please bear with me.

Do you disagree that TBB is forked software? If I fork Firefox and build my
own browser from there, do I have no responsibility to my users to fix bugs
that originated in your original code, now that my codebase is separate
from yours?

It seems the disagreement is centering on either A. whether or not Firefox
and TBB are completely separate pieces of software or B. whether or not I
have a responsibility to clearly notify my users why they should update
their software or what bugs may exist due to me using your buggy code,
rather than something with less bugs (albeit this seems
unlikely/nonexistent).

Thanks.

I'll be posting longer thoughts about the ramifications of this thread
later, but would like to note the flamey nature of posts all around has
made me hesitant so far, which is probably for the best as I'll take more
time to collect my thoughts.

Regards

Brian

On Tue, Aug 6, 2013 at 9:49 AM, Al Billings <albill at openbuddha.com> wrote:

>  Except this issue was a Firefox issue, fixed in ESR 17.0.7 and which we
> had posted an advisory for six weeks ago today. So, yes, you're asking Tor
> to copy and paste Firefox advisories. The issue wasn't a Tor-specific issue
> except that the way it was being spread targeted the TBB. It was a Firefox
> security issue, fixed in the last release. The people affected are those
> who hadn't gotten current.
>
> Al
>
> --
> Al Billings
> http://makehacklearn.org
>
> On Tuesday, August 6, 2013 at 2:45 AM, Nadim Kobeissi wrote:
>
> Nadim you seem confused by how this works. Tor doesn't need to issue
> advisories for Firefox issues. We, at Mozilla, already issue them. Perhaps
> they can link to them clearly but if you want to know about security issues
> Mozilla fixes in Firefox, you're best served by reading Mozilla advisories.
> There's not much point in duplicating them on a second site. Tor would be
> better served by writing advisories for its own, unique, security fixes.
>
>
> Tor doesn't need to issue advisories for Firefox issues. Tor needs to
> issue advisories for Tor Browser issues, and not five weeks later when s**t
> hits the fan.
> I really don't think one can reasonably disagree with the above statement.
> Tor Browser is a Firefox fork.
>
>
> --
> Liberationtech list is public and archives are searchable on Google. Too
> many emails? Unsubscribe, change to digest, or change password by emailing
> moderator at companys at stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>

-- 

Brian Conley

Director, Small World News

http://smallworldnews.tv

m: 646.285.2046

Skype: brianjoelconley
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130806/e13d90d4/attachment.html>