On Tue, Aug 06, 2013 at 12:09:48AM +0200, Griffin Boyce wrote:
> We may have to disagree as to the way forward. I hate to be
> contentious, but it seems unlikely that Tor applied a patch without
> reading Firefox's changelog.

I'm still not clear on what you want Tor to have done. Should they do a RED FLASHING LETTERS blog post every time a security-critical bug gets fixed in a new release? News flash, there are security-critical bugs fixed in *every* release. Many of them aren't even *identified* as security-critical bugs when they're fixed. Users *have* to be up to date if they are going to try to do things in this threat landscape.

(Of course updates introduce their *own* can of security worms, but far better to kill off the bugs we *know* are being exploited than to worry overmuch about APTs burning backdoored developers slipping malware into our reproducibly built cryptographically hashed auditable source trail DVCS managed applications.)

-andy

--
Liberationtech list is public and archives are searchable on Google. Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at [email protected] or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
