Suhaib Mbarak writes: > Dear all. > > My question is to make sure wether tor source code is open and available > for public or not?
Yes, it has always been since the beginning of the project. Currently, the code is available at https://gitweb.torproject.org/tor.git > In case it is open source and can be modified how it is secure?!!!! Open source means that anyone is allowed to make their own changes (and share those with the public if they want), but there is an official version from the Tor Project which only official Tor maintainers can change. The official Tor maintainers receive suggestions from the public, but they make the final decision about whether or not other people's changes can become part of the official version of Tor. For example, if you wanted to change something, you could make your own modified version without anyone's permission, but it wouldn't be the official version. You would need to ask the maintainers to adopt your changes if you wanted them to become part of the official version. There is still an interesting question about whether people could somehow trick the Tor maintainers into including a change that is actually detrimental, even though it appears to be useful. In many ways, the Tor project relies on public scrutiny to confirm that changes that get included in the official version are useful and don't introduce problems or security holes. There is a fairly broad consensus that this is a useful way to work, yet I don't think that people are confident that all of the risk has been mitigated, since there are also security research projects that show that there are ways of intentionally creating bugs that are subtle and carefully disguised as useful functionality. So, there is still a need for ongoing research about how to learn to detect (whether by human knowledge, by coding standards, by using different languages or libraries, by creating new software tools, or by something call formal methods where properties of code are proven) if people are trying to disguise or hide a bug or vulnerability inside of a useful contribution. The Tor Project has actually thought about this issue a lot, if you're very interested in it... there are probably other resources and presentations that you could look at that further examine the issue. -- Seth Schoen <sch...@eff.org> Senior Staff Technologist https://www.eff.org/ Electronic Frontier Foundation https://www.eff.org/join 815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk