[liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud
Al Billings
albill at openbuddha.com
Tue Aug 6 10:07:42 PDT 2013
On Tuesday, August 6, 2013 at 9:58 AM, Brian Conley wrote:
> Al, I'm not a developer, so please bear with me.
>
> Do you disagree that TBB is forked software?
That depends on your definition. They aren't taking a fork of Firefox and running off with it for a year or two. They are (and I don't know the process) either forking each ESR release or applying our ongoing ESR patches to an ESR line. In either case, I think of it as Firefox ESR + Tor patches, not really as a fork.
> If I fork Firefox and build my own browser from there, do I have no responsibility to my users to fix bugs that originated in your original code, now that my codebase is separate from yours?
>
>
>
Except they did that and do that. That isn't the issue here. The bug was fixed six weeks ago. TBB took that fix. The users that got exploited were *not* running the current version. Firefox assigns CVEs and issues advisories for any externally reported security issue we fix and for internally reported issues that are not simply memory corruption or crashes. There is no point in the Tor folks cutting and pasting our advisories onto their site. They *may* wish to link to our advisories on our site but that's up to them.
Al
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130806/4ea0c9f7/attachment.html>
More information about the liberationtech
mailing list