Custom Query (71 matches)

Filters
 
Or
 
  
 
Columns

Show under each result:


Results (31 - 45 of 71)

1 2 3 4 5
Ticket Summary Owner Component Milestone
#28783 Incomplete Content-Security-Policy blocks video on "Set up Relays" page hiro Webpages/Website
Description

Affected page: https://www.torproject.org/getinvolved/relays.html.en

Problem: "No video with supported format and MIME type found" The video's URL is https://media.torproject.org/video/2012-03-04-BuildingBridges.ogv and forbidden by CSP.

Solution: Change

Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'

(https://www.hardenize.com/report/torproject.org/1544035352#www_csp)

to

Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'; media-src 'self' https://media.torproject.org

or even to

Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'; media-src 'self' https://media.torproject.org; frame-ancestors 'self'; block-all-mixed-content; disown-opener; plugin-types application/pdf; base-uri 'self'

#27669 Replace recommendations to use tor-ramdisk with something better Webpages/Website
Description

arma lately mentioned that it is probably not a good idea anymore to use tor-ramdisk. I am looking into alternatives.

Currently tor-ramdisk is mentioned on the new (coming) community projects list (#16576) and the volunteer page: http://expyuzz4wqqyqhjn.onion/projects/projects.html.en https://github.com/torproject/webwml/pull/38

Also the wiki links it at several places: AutomationInventory doc/VM doc/EmbeddedTips

Wikipedia has a page about it (#27668).

Adding #13703 as parent to let them know of each other.

Which are good alternatives (in use)?

#27458 security.txt: Add acknowledgments page to honour our security researches Webpages/Website website redesign
Description

The page will be linked in https://torproject.org/.well-known/security.txt

Details: ​https://tools.ietf.org/html/draft-foudil-securitytxt-04#section-3.4.1 Basically a place to honour the work of former / current security researchers.

This could also go into #25475.

#27423 Sign security.txt Webpages/Website website redesign
Description

From comment:6:ticket:25131:

I suggest we use the tor-security list key, or some other key that many people trust.

#27421 Tor security policy Webpages/Website website redesign
Description

Tor Project currently has not general security policy. We need to work out a security policy that covers all of Tor: See https://trac.torproject.org/projects/tor/ticket/13968#comment:27

#27412 make bug tracker links on getinvolved page accessible without login qbi Webpages/Website
Description

The bug tracker link to Tor on https://www.torproject.org/getinvolved/volunteer.html.en requires a trac account. It is very unlikely that anyone visiting this page for the first time (like after clicking "Get Involved" on about:tor) is logged in.

This longer link gives the same result without login.

I don't know though if this should be fixed in trac or the website.

#26837 Move the "research-ideas" tickets to research ideas page Webpages/Website
Description

The Metrics/Analysis trac component has been gathering tickets that are not really suited to being trac tickets. The Metrics team certainly isn't going to look at them any time soon. I had tagged these with the keyword research-ideas.

The ideas page is at https://research.torproject.org/ideas.html on the portal.

#26836 Update and refresh the research portal Webpages/Website
Description

The research portal isn't the prettiest website, nor does it contain the most up to date information. This ticket will act as a central ticket for tasks around updating and refreshing the research portal.

#26808 Publish policy documents on www.torproject.org ggus Webpages/Website
Description

Background

In the past years we worked on many policy documents (CoC, membership policy, etc). We should make them available on a prominent page on torproject.org.

Current situation

The policy documents are published in the gitweb: https://gitweb.torproject.org/community/policies.git/tree/

Some other bylaws can be found here: https://www.torproject.org/about/financials.html.en

Expected situation

Create a section within "About Tor" named "Policies". With a general text describing our current policies.

I would also suggest that we inline describe our current values, how membership works, how voting works, etc.

Create formatted versions of:

  • CoC
  • Membership guidelines
  • statement of values
  • voting system
  • board documents (like bylaws)
  • ...

and link them from the main policy page.

*Timeline*

I would suggest that we collect ideas within this ticket and make a meeting in Mexico :-)

#26539 add checksums to download page; make checksum vs. sig file purpose much clearer traumschule Webpages/Website
Description

Gpg recently failed to verify a Tor Browser download - a first for me. Since data errors in downloads aren't as common as years ago, I assumed an error in the *.asc sig file itself, or other issues.

Such as my Linux GPG version not playing well with the version used to sign Tor Browser.

I wanted to verify checksum of the downloaded TBB, but after a few searches on TorProject didn't find the checksum, I re-download TBB. It was faster in the long run, but it's a big package to re-download for users with limited data plans, when a few byte checksum would suffice to see if there was a download data error.

I propose that checksum files - or a prominent link, be added to the download page - not make users hunt them. That's how many well run projects seem to do it - app packages, sig files & checksums are all easily found, or have links on the same page.

The statement, "See our instructions on how to verify package signatures, which allows you to make sure you've downloaded the file we intended you to get. Also, note that the Firefox ESR in our bundles is modified from the default Firefox ESR " should be placed above the packages & sig files, where users are far more likely to see it.

The wording could be stronger, clearer - why users would want to verify the TBB / other packages PGP signatures of downloads, EVEN from TorProject's site (not rely solely on checksums). A brief statement why verifying signed packages is important & how it's unrelated to using checksums. If users (of anything) don't understand a real purpose or need, they're more likely to skip steps.

I could write something to make changes, additions & submit for consideration, but only if there's interest in making changes to general security methods to educate users, that work for many products.

  • Verification instructions: They're generally good & someone did a lot of work, but many users unfamiliar w/ PGP / GPG's real purpose & the procedures may be clueless.

On the Windows verify instructions (maybe Linux, OS X), it's unclear which signature & which "package" they're verifying. If they're installing GPG or gpg4win, the instructions should include steps (or link to clear instructions) to first verify GPG itself (once), then a separate verification of downloaded Tor products - EVEN from TorProject's https site.

The statement, "make sure you've downloaded the file we intended you to get." means little to non-gpg users or slightly familiar. To many, they downloaded the correct platform package, therefore they "have the file intended for their OS." As far as they know, they did everything required.

#26314 Create "Learn More" Landing Page for TBA Webpages/Website
Description

When TBA is first launched there is a "Learn More" link the user can click. We should take advantage of this and create a useful webpage where the user can learn more. (Orfox currently has this, too, and the link goes to the Guardian Project's Orfox page.

#26307 Add link to Tor SlackBuild on download-unix.html.en Webpages/Website website redesign
Description

I thought it would be nice to add link to the Tor SlackBuild on download-unix.html.en. The SlackBuild works fine and is updated regularly.

The code would be something like this:

<tr class="beige">
<td align="center"><img src="$(IMGROOT)/distros/slackware.png" alt="Slackware"></td>
<td>Slackware</td>
<td colspan="2"><a href="https://slackbuilds.org/repository/14.2/network/tor/">SlackBuilds.org</a></td>
<td>
<a href="<page docs/tor-doc-unix>">Linux/BSD/Unix</a><br>
</td>
</tr>

If nobody wants to design a new logo, there's generic.png in /images/distros/ folder

#25475 TB Credits traumschule Webpages/Website website redesign
Description

We should have a page of contributors, either on the website or Tor browser. Tor Community members, translators etc

#25218 Update screenshots to use obfs4 bridges (instead of obfs3) traumschule Webpages/Website website redesign
Description

https://www.torproject.org/docs/bridges.html.en#UsingBridges

...then choose the transport type you want to use. obfs3 is currently the recommend type...

#25131 Add a security.txt file to torproject.org Webpages/Website website redesign
Description

security.txt files give people the information they need to contact Tor when they find a security issue.

It's an IETF draft, and Google has done it, so maybe we should too: https://securitytxt.org/

We can use the existing information at: https://www.torproject.org/about/contact#security

And we might want to:

  • add a PGP key file
  • add a signature
  • maybe add a policy or acknowledgements when we decide how they work
1 2 3 4 5
Note: See TracQuery for help on using queries.