Bug#752275: torbrowser-launcher: several possible/probably security issues

2014-06-25 Thread Micah Lee
Rather than replying in-line to everything, I'll just summarise: * TLS/x.509 security: torbrowser-launcher doesn't rely on the CA infrastructure. The only TLS it does is make HTTPS requests to check.torproject.org and (if you haven't set a mirror) www.torproject.org. When it connects to these host

Bug#752275: torbrowser-launcher: several possible/probably security issues

2014-06-23 Thread Christoph Anton Mitterer
Sorry for the late reply. On Sat, 2014-06-21 at 23:01 -0700, Micah Lee wrote: > The keys that are signing keys that are included in torbrowser-launcher are > for: Alexandre Allaire, Erinn Clark, Mike Perry, and Sebastian Hahn. > Keys are here: > https://github.com/micahflee/torbrowser-launcher/tree/

Bug#752275: torbrowser-launcher: several possible/probably security issues

2014-06-22 Thread Holger Levsen
control: tags -1 + moreinfo control: severity -1 normal Hi Christoph (bcc:ed), On Sunday, 22 June 2014, Christoph Anton Mitterer wrote: > As already pointed out in the aforementioned thread, this has > several critical security issues: And they are all (IMHO successfully) considered in the cod

Bug#752275: torbrowser-launcher: several possible/probably security issues

2014-06-21 Thread Micah Lee
On 06/21/14 18:55, Christoph Anton Mitterer wrote: > Hi. > > This is basically a follow up from the lengthy discussion at > debian-devel: > https://lists.debian.org/debian-devel/2014/06/msg00171.html > (somewhere deeper in the thread). > > Admittedly I didn't read through the whole code of torbr

Bug#752275: torbrowser-launcher: several possible/probably security issues

2014-06-21 Thread Christoph Anton Mitterer
Package: torbrowser-launcher Version: 0.0.7-1 Severity: grave Tags: security Justification: user security hole Hi. This is basically a follow up from the lengthy discussion at debian-devel: https://lists.debian.org/debian-devel/2014/06/msg00171.html (somewhere deeper in the thread). Admittedly