On Mon, Nov 25, 2013 at 01:25:37PM +0000, Gibson, Aaron wrote: > On 2013-11-23 19:38, Philipp Winter wrote: > >On Sat, Nov 23, 2013 at 02:22:48PM +0000, Mark McCarron wrote: > >>How about a certification program? A company can donate some > >>funds to have their product evaluated and if successful gain > >>"TOR Certified" status. It would stop all this nonsense and > >>provide everyone the opportunity to request specific features > >>or amendments to designs. > > > >I would imagine such a certificate to be quite misleading. Even > >professional code audits never catch all bugs. So it would only > >be a matter of time until one of these "Tor certified" products > >would fail horribly which would then provoke reactions along the > >lines of "but... it was certified?". > > > >Also, audits are one time snapshots. The very first commit > >after the certification process might already introduce new > >bugs. > > On the other hand, any Tor-Related hardware is of interest the wider > community, and many on these lists would be happy to > receive/evaluate/give feedback, on both actual physical hardware as > well as proposed designs.
Sure, fully agreed. I just don't think that a certification process is the right way towards that goal. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk