[tor-bugs] #9186 [Website]: Document how to report security vulnerabilities
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Jul 21 21:43:38 UTC 2014
#9186: Document how to report security vulnerabilities
-------------------------+-----------------
Reporter: lunar | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: Website | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
-------------------------+-----------------
Changes (by mcs):
* cc: mcs (added)
Comment:
Regarding what email address to use, the following is summarized from a
tor-project IRC conversation:
- Section 4 of RFC 2142 says we should reserve security at ... for people to
report network / infrastructure security issues.
- On the other hand, Google advertises security at google.com as the method
to report software vulnerabilities as well as security incidents. See
http://www.google.com/about/appsecurity/
So maybe the right thing to do is to combine both roles behind one email
address (which will probably lead to more work / more hassle for us
internally, but it would make things easier for outsiders).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9186#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list