> Tue, 19 Jan 2016 02:40:18 +1300 Carlin Bingham <c...@viennan.net>
> > None of these can be dropped later or made conditional on the
> > configuration, as tor's config can be changed and reloaded while it's
> > running and it needs them all to handle that.
> > 
> > Is a wide pledge like this still beneficial?
> 
> Shows obvious application design flaws.  So much for the application
> goals.  And/or the actual use case.  Understand the mail further now?

Tor predates privilege mitigation concepts.

A lot of software got stuck there.

A community developed who believe the software is full of magic pixie
dust which will keep them safe.  They didn't even read the code, to
realize it is following the old way:  that the developers are using
all the best techniques.

Even OpenSSH isn't immune to this same criticism, though it at least has
some substantial mitigations, it perhaps does not have all of them.  It
is very difficult to "move" an established piece of software towards
using better components and design.
