Opened 5 years ago

Last modified 10 months ago

#10498 reopened defect

Noscript. Path of trust.

Reported by: cypherpunks Owned by: erinn
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Major Keywords: tbb-security, noscript
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Noscript is Firefox extension, known for years security tool and simplest way to stop stuff. Author of Noscript never used public repository for demonstrating development progress, all known code was available as standalone archive or file from AMO. However, author used to sign components of archive before 2.6.6.9 version. All we have now to try guess files wasn't modified on a way, and still chance to recreate history of development by hands or by 3rd party repository for versions difference

TBB takes Noscript from servers of AMO during building and run-time addon updates. Do we trust them so much?

Child Tickets

Change History (5)

comment:1 Changed 5 years ago by cypherpunks

Resolution: not a bug
Status: newclosed

comment:2 Changed 21 months ago by cypherpunks

Component: Applications/Tor bundles/installationApplications/Tor Browser
Keywords: tbb-security added
Resolution: not a bug
Severity: Major
Status: closedreopened
Type: taskdefect

The fact: NoScript is an integral part of Tor Browser.
That means its development process should be integrated with the Tor Project.
The main goal is to start doing code review.
To simplify this its repo could be added to git.tpo, and also see https://forums.informaction.com/viewtopic.php?p=10981#p9221

comment:3 Changed 20 months ago by cypherpunks

Maone actions seem to be malicious.

comment:4 in reply to:  3 Changed 20 months ago by cypherpunks

Replying to cypherpunks:

Maone actions seem to be malicious.

Proof? Otherwise that's just FUD.

comment:5 Changed 10 months ago by traumschule

Keywords: noscript added
Note: See TracTickets for help on using tickets.