Hi,
How can I responsibly report a bug that might affect security (e.g. possibility to DoS Tor nodes)? I searched the torproject.org website, but couldn't find any pointers with respect to responsible disclosure.
Do I just file a trac ticket and/or drop it in this mailinglist? Do I report it directly to some of the key players in this project (Roger, Nick, etc.)?
Thanks, Bram
Hi Bram. If it's security related then we have...
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-security
... which is a closed list soly subsribed to by Nick and a few others. That said though we set that list up years ago for this purpose and I'm not spotting it advertised anywhere, so might no longer be the best point of contact. Nick can advise.
Cheers! -Damian
On Thu, Sep 18, 2014 at 1:59 PM, Bram de Boer bram@nosur.com wrote:
Hi,
How can I responsibly report a bug that might affect security (e.g. possibility to DoS Tor nodes)? I searched the torproject.org website, but couldn't find any pointers with respect to responsible disclosure.
Do I just file a trac ticket and/or drop it in this mailinglist? Do I report it directly to some of the key players in this project (Roger, Nick, etc.)?
Thanks, Bram
tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Just in case you need Nick's contact info:
pub 3072R/0x21194EBB165733EA 2004-07-03 Key fingerprint = B35B F85B F194 89D0 4E28 C33C 2119 4EBB 1657 33EA uid [ unknown] Nick Mathewson <nickm shift+2 alum.mit.edu> uid [ unknown] Nick Mathewson <nickm shift+2 wangafu.net> uid [ unknown] Nick Mathewson <nickm shift+2 freehaven.net> uid [ unknown] [jpeg image of size 3369] sub 3072R/0x910397D88D29319A 2004-07-03 sub 3072R/0xD2CA27F3F25B8E5E 2004-07-03
On Thu, Sep 18, 2014 at 5:05 PM, Damian Johnson atagar@torproject.org wrote:
Hi Bram. If it's security related then we have...
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-security
... which is a closed list soly subsribed to by Nick and a few others. That said though we set that list up years ago for this purpose and I'm not spotting it advertised anywhere, so might no longer be the best point of contact. Nick can advise.
Cheers! -Damian
On Thu, Sep 18, 2014 at 1:59 PM, Bram de Boer bram@nosur.com wrote:
Hi,
How can I responsibly report a bug that might affect security (e.g.
possibility to DoS Tor nodes)? I searched the torproject.org website, but couldn't find any pointers with respect to responsible disclosure.
Do I just file a trac ticket and/or drop it in this mailinglist? Do I
report it directly to some of the key players in this project (Roger, Nick, etc.)?
Thanks, Bram
tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
-
Bram de Boer -
Damian Johnson -
SiNA Rabbani