Opened 9 years ago

Closed 4 years ago

#2296 closed task (duplicate)

Create a small document that explains who to contact for security stuff

Reported by: ioerror Owned by: ioerror
Priority: Medium Milestone: Deliverable-Mar2011
Component: Company Version: Tor: unspecified
Severity: Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

We need to collect a small set of email addresses, gpg keys, and other information about notification of security important related updates.

For Debian - we contact Peter
For Ubuntu - we contact Jacob
For OpenWRT - we contact Jacob
For Android - we contact Nathan and Helix
For Windows - we contact Helix
For Redhat - we contact ???
For Gentoo - we contact ???

For other distros - do we want to to contact vendor-sec and call it a day?

Child Tickets

Change History (11)

comment:1 in reply to:  description Changed 9 years ago by chiiph

Replying to ioerror:

For Gentoo - we contact ???

I'm a Gentoo dev, but I don't maintain Tor itself, just Vidalia. The current maintainer is Christian Faulhammer but I don't mind receiving and fwding the news.
AFAIK he doesn't use Tor, so may be I can co-maintain it with him.

comment:2 Changed 9 years ago by ioerror

Gustavo (humpback A T gentoo.org) was our last known gentoo maintainer.

comment:3 Changed 9 years ago by chiiph

He's currently retired.

comment:4 Changed 9 years ago by atagar

Christian Faulhammer was the gentoo person that sponsored arm too (as a proxy maintainer for Jesse) [1]. If he's interested then he seems like a fine choice. -Damian

[1] https://bugs.gentoo.org/show_bug.cgi?id=341731

comment:5 Changed 9 years ago by phobos

Why not simply create a moderated security list at lists.torproject.org? Add/remove people as needed.

comment:6 Changed 9 years ago by chiiph

+1 for the list

comment:7 Changed 9 years ago by phobos

Status: newaccepted

https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-security now exists. I can invite people to subscribe, or people watching this ticket can apply for approval to this new email list. list membership is moderated and requires approval. archives are restricted to the list members only. list membership listing is restricted to the list members only.

comment:8 Changed 9 years ago by phobos

Just rethinking this ticket, we wanted a list of people to receive early warning of tor security issues? I believe this is what we wanted. We have tor-security to which people can subscribe. Is this good enough? If so, we should close the ticket.

comment:9 Changed 9 years ago by phobos

Owner: changed from phobos to ioerror
Status: acceptedassigned

reassigning to ioerror, because I don't have an action anymore.

comment:10 Changed 9 years ago by blueness

Currently chiiph and I are jointly maintaining tor for Gentoo. You should contact both of us:

blueness@…
chiiph@…

My GPG ID is D0455535.

comment:11 Changed 4 years ago by isis

Resolution: duplicate
Status: assignedclosed

Closing as a duplicate of #5489.

Note: See TracTickets for help on using tickets.