Just in case you need Nick's contact info:


pub   3072R/0x21194EBB165733EA 2004-07-03
      Key fingerprint = B35B F85B F194 89D0 4E28  C33C 2119 4EBB 1657 33EA
uid                 [ unknown] Nick Mathewson <nickm shift+2 alum.mit.edu>
uid                 [ unknown] Nick Mathewson <nickm shift+2 wangafu.net>
uid                 [ unknown] Nick Mathewson <nickm shift+2 freehaven.net>
uid                 [ unknown] [jpeg image of size 3369]
sub   3072R/0x910397D88D29319A 2004-07-03
sub   3072R/0xD2CA27F3F25B8E5E 2004-07-03


On Thu, Sep 18, 2014 at 5:05 PM, Damian Johnson <atagar@torproject.org> wrote:
Hi Bram. If it's security related then we have...

https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-security

... which is a closed list soly subsribed to by Nick and a few others.
That said though we set that list up years ago for this purpose and
I'm not spotting it advertised anywhere, so might no longer be the
best point of contact. Nick can advise.

Cheers! -Damian


On Thu, Sep 18, 2014 at 1:59 PM, Bram de Boer <bram@nosur.com> wrote:
> Hi,
>
> How can I responsibly report a bug that might affect security (e.g. possibility to DoS Tor nodes)? I searched the torproject.org website, but couldn't find any pointers with respect to responsible disclosure.
>
> Do I just file a trac ticket and/or drop it in this mailinglist? Do I report it directly to some of the key players in this project (Roger, Nick, etc.)?
>
> Thanks,
> Bram
>
> _______________________________________________
> tor-dev mailing list
> tor-dev@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
_______________________________________________
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev