Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2011-04-29T22:25:57Zhttps://gitlab.torproject.org/legacy/trac/-/issues/3046Please give nickm access to vescum & mirroradm2011-04-29T22:25:57ZErinn ClarkPlease give nickm access to vescum & mirroradm'nickm' needs write permissions to the dist directory on vescum and the ability to run the trigger-mirrors script in mirroradm since he is doing Tor alpha releases now.'nickm' needs write permissions to the dist directory on vescum and the ability to run the trigger-mirrors script in mirroradm since he is doing Tor alpha releases now.weasel (Peter Palfrader)weasel (Peter Palfrader)https://gitlab.torproject.org/legacy/trac/-/issues/3034Meetings with SponsorF partners (phase 1)2011-04-28T19:13:33ZRoger DingledineMeetings with SponsorF partners (phase 1)Some other groups are getting funding via SponsorF also, and the more we teach them about what Tor is doing and what problems need solving the better they will be able to help us save the world.
In particular, we should meet with SRI, I...Some other groups are getting funding via SponsorF also, and the more we teach them about what Tor is doing and what problems need solving the better they will be able to help us save the world.
In particular, we should meet with SRI, ISI, and the red team in phase 1 (by end-of-May).Andrew LewmanAndrew Lewmanhttps://gitlab.torproject.org/legacy/trac/-/issues/3031Nick needs a copy of windows 72011-05-10T00:49:48ZNick MathewsonNick needs a copy of windows 7Hi. Please figure out the right way for me to get myself a copy of Windows 7.Hi. Please figure out the right way for me to get myself a copy of Windows 7.Andrew LewmanAndrew Lewmanhttps://gitlab.torproject.org/legacy/trac/-/issues/3016Please create an LDAP account for rransom2011-04-27T21:18:13ZRobert RansomPlease create an LDAP account for rransomName: Robert Ransom
Preferred username: rransom
Forwarding e-mail address: `rransom.8774@gmail.com`
OpenPGP key fingerprint:
```
pub 2048D/BCA799F0 2010-06-01
Key fingerprint = A98B 3F31 ACE6 1C64 2749 F3CB 91EF E9AA BCA7 99F0
u...Name: Robert Ransom
Preferred username: rransom
Forwarding e-mail address: `rransom.8774@gmail.com`
OpenPGP key fingerprint:
```
pub 2048D/BCA799F0 2010-06-01
Key fingerprint = A98B 3F31 ACE6 1C64 2749 F3CB 91EF E9AA BCA7 99F0
uid Robert Ransom <rransom.8774@gmail.com>
```weasel (Peter Palfrader)weasel (Peter Palfrader)https://gitlab.torproject.org/legacy/trac/-/issues/2990Please give rransom write access to svn.tpo/svn/projects2011-04-26T15:39:44ZRobert RansomPlease give rransom write access to svn.tpo/svn/projectsI have changes to commit to projects/articles/browser-privacy/ .I have changes to commit to projects/articles/browser-privacy/ .Andrew LewmanAndrew Lewmanhttps://gitlab.torproject.org/legacy/trac/-/issues/2973Mac Access for Damian2011-04-25T17:57:57ZDamian JohnsonMac Access for DamianHi, Erinn mentioned that we have a ppc osx system. Could I have an account on it? This would be handy for both arm testing and packaging.
Thanks! -DamianHi, Erinn mentioned that we have a ppc osx system. Could I have an account on it? This would be handy for both arm testing and packaging.
Thanks! -DamianAndrew LewmanAndrew Lewmanhttps://gitlab.torproject.org/legacy/trac/-/issues/2906Please give chiiph commit access to the website2011-04-13T15:48:43ZErinn ClarkPlease give chiiph commit access to the websitechiiph needs to be able to update the Vidalia page. Please give him commit access to the website svn. Thanks!chiiph needs to be able to update the Vidalia page. Please give him commit access to the website svn. Thanks!Andrew LewmanAndrew Lewmanhttps://gitlab.torproject.org/legacy/trac/-/issues/2869I need an account on ferrinii2011-04-10T17:40:52ZMike PerryI need an account on ferriniiI need an account on ferrinii in the torperf group so I can keep an eye on torperf scripts over the weekend.
Long term, we may also need some nagios scripts to keep an eye on these scripts.I need an account on ferrinii in the torperf group so I can keep an eye on torperf scripts over the weekend.
Long term, we may also need some nagios scripts to keep an eye on these scripts.weasel (Peter Palfrader)weasel (Peter Palfrader)https://gitlab.torproject.org/legacy/trac/-/issues/2853Review Some GSoC Proposals2011-04-05T01:06:19ZMike PerryReview Some GSoC ProposalsOver the past week, I reviewed a few GSoC proposals and spent a bit of time talking to students. This ticket is to track that effort.Over the past week, I reviewed a few GSoC proposals and spent a bit of time talking to students. This ticket is to track that effort.Mike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/2684please create tor-packagers mailing list2011-03-30T15:13:26ZErinn Clarkplease create tor-packagers mailing listPlease create tor-packagers mailing list on lists.torproject.org. According to #2296 we have a tor-security list that's meant for general security contact, but for non-security things -- such as alpha releases, and other packaging-relate...Please create tor-packagers mailing list on lists.torproject.org. According to #2296 we have a tor-security list that's meant for general security contact, but for non-security things -- such as alpha releases, and other packaging-related issues -- we need a way to notify people, perhaps a broader group, albeit with some expect overlap.Andrew LewmanAndrew Lewmanhttps://gitlab.torproject.org/legacy/trac/-/issues/2679Migrate tor-internal, tor-assistants, etc mailings lists to torproject.org2011-04-11T00:32:19ZRoger DingledineMigrate tor-internal, tor-assistants, etc mailings lists to torproject.orgThe migration of the public lists (#1697) is looking good.
But I'm still running on moria:
tor-assistants
tor-internal
tor-directors
tor-exec
tor-gsoc
tor-java
tor-mirrors
tor-translation
flynn
dir-auth
vidalia-svnThe migration of the public lists (#1697) is looking good.
But I'm still running on moria:
tor-assistants
tor-internal
tor-directors
tor-exec
tor-gsoc
tor-java
tor-mirrors
tor-translation
flynn
dir-auth
vidalia-svnAndrew LewmanAndrew Lewmanhttps://gitlab.torproject.org/legacy/trac/-/issues/2673Get new cert for blog2011-03-09T03:15:36ZMike PerryGet new cert for blogblog.tp.o is in need of a new cert.blog.tp.o is in need of a new cert.Mike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/2671Better communication for authority operators, core developers in emergency si...2020-06-13T00:06:37ZNick MathewsonBetter communication for authority operators, core developers in emergency situations When in danger or in doubt,
run in circles, scream and shout!
- traditional motto, possibly naval.
When the bug behind #2664 happened, it took us a few hours to notice. That was bad, and #2666 is about trying to notice such si... When in danger or in doubt,
run in circles, scream and shout!
- traditional motto, possibly naval.
When the bug behind #2664 happened, it took us a few hours to notice. That was bad, and #2666 is about trying to notice such situations faster. But another problem is that even after we noticed, it still took a while to sort out who knew how best to contact which operators. Probably developers should get contacted too, so they can be available to deal with bad/urgent bugs.
We should figure out, for each authority operator and core developer[*], the best two or three ways to contact them in the case of an emergency. If these ways are not something we want to publish (e.g., phone numbers), a few people should know them, and all Tor people should know who those people are and how to contact them in a hurry.
We should have some emergency-response mechanisms in place. If communications are security-sensitive, we should have a way to deal with it in place, rather than the current approach of "send gpg-encrypted email to those people whose keys you happen to have" or "immediately go dark, use OTR to talk pairwise to people you know". Those approaches scale badly; we can probably do better.
We should also have planned responses for emergency events like "A key server looks like it might have been compromised"; "somebody has reported a vulnerability"; "somebody has disclosed a vulnerability"; "one or more authorities have gone down strangely;" "looks like the network is crashing;" and so on.
[*] "core developer" is here defined as "a developer who is likely to needed urgently when something breaks."https://gitlab.torproject.org/legacy/trac/-/issues/2661Find best way to fit coding convention notes into wiki2011-08-29T19:28:16ZThomas BenjaminFind best way to fit coding convention notes into wikiThe HACKING file is awesome, but it would probably be good to add the coding convention issues to the wiki as well. It may be easier for new volunteers to find. I recommend adding a link to the wiki entry to the HACKING file, and addin...The HACKING file is awesome, but it would probably be good to add the coding convention issues to the wiki as well. It may be easier for new volunteers to find. I recommend adding a link to the wiki entry to the HACKING file, and adding a link from the HACKING file to the wiki.
I will seek feedback on tor-dev as to the best way to include a link to this page from our other documentation and the front page of the wiki
Also, I categorized this ticket as Company because I think it will help maintain our institutional memory, and I couldn't find another component that seemed to fit better. If someone has a better way to categorize this please feel free to change the ticket.Thomas BenjaminThomas Benjaminhttps://gitlab.torproject.org/legacy/trac/-/issues/2630make all our systems use security aware resolvers2011-12-16T23:32:04Zweasel (Peter Palfrader)make all our systems use security aware resolversProbably by installing unbound, configuring it properly, and then change /etc/resolv.conf to only ask localhost.Probably by installing unbound, configuring it properly, and then change /etc/resolv.conf to only ask localhost.weasel (Peter Palfrader)weasel (Peter Palfrader)https://gitlab.torproject.org/legacy/trac/-/issues/2621Please create a ldap account for chiiph2011-02-28T19:09:00ZTomas ToucedaPlease create a ldap account for chiiphBy Sebastian suggestion, I'm filling this ticket with the necessary data:
name (first/middle/last): Tomás Andrés Touceda
preferred username: chiiph
forwarding email address: chiiph @gentoo.org
pgp key fingerprint: 553D 7C2C 626E F16F 27...By Sebastian suggestion, I'm filling this ticket with the necessary data:
name (first/middle/last): Tomás Andrés Touceda
preferred username: chiiph
forwarding email address: chiiph @gentoo.org
pgp key fingerprint: 553D 7C2C 626E F16F 27F3 30BC 95E3 881D 9A75 3A6Bweasel (Peter Palfrader)weasel (Peter Palfrader)https://gitlab.torproject.org/legacy/trac/-/issues/2598create a new svn repo for internal sharing2011-02-21T20:27:12ZAndrew Lewmancreate a new svn repo for internal sharingas agreed at the mini-dev meeting, we need an internal svn repo for sharing documents and funding proposals that isn't public, but isn't as restricted as it is now.as agreed at the mini-dev meeting, we need an internal svn repo for sharing documents and funding proposals that isn't public, but isn't as restricted as it is now.Andrew LewmanAndrew Lewmanhttps://gitlab.torproject.org/legacy/trac/-/issues/2567Diversion time2011-02-15T14:16:46ZMike PerryDiversion timeTo be pedantic for purposes of my Agile experiment, I want to also ballpark time I spent this week being distracted by or-talk, tor node maintenance, discussing blog and infrastructure issues with Helix, etc. Not sure which component to ...To be pedantic for purposes of my Agile experiment, I want to also ballpark time I spent this week being distracted by or-talk, tor node maintenance, discussing blog and infrastructure issues with Helix, etc. Not sure which component to put this in, as it's just for my own accounting of general noise and overhead. To me, this seems to make 'Company' a good fit, but maybe that's a poor idea.Mike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/2516Examine TurnRight's packages for malware2012-06-14T01:38:29ZRobert RansomExamine TurnRight's packages for malwareA Chinese blogger who calls himself/herself/itself 'TurnRight' has produced two packages containing Tor, which he/she/it has named 'EasyTor' and 'TorPack'. They are definitely not safe to use (the latest releases of both contain version...A Chinese blogger who calls himself/herself/itself 'TurnRight' has produced two packages containing Tor, which he/she/it has named 'EasyTor' and 'TorPack'. They are definitely not safe to use (the latest releases of both contain versions of Tor before 0.2.1.29 that are now believed to be remotely exploitable), they definitely infringe The Tor Project's trademark, and at least TorPack infringes The Tor Project's copyright as well (I did not find the Tor license in it with a fairly thorough search).
We should have these packages examined for malware, as the Chinese government and its accomplices have previously [distributed repackaged versions of popular software that include malware](http://www.zdnet.com/blog/government/chinese-monitoring-tom-skype-messages/4063) and [used targeted malware to attack groups which China opposes](http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-746.html).Jacob AppelbaumJacob Appelbaumhttps://gitlab.torproject.org/legacy/trac/-/issues/2514Document an iteration and write up a rosetta stone for reports2020-06-13T00:03:31ZMike PerryDocument an iteration and write up a rosetta stone for reportsI realized it's going to take some time/resources to do this agile nonsense and to explain it to everyone, so why not meta-document and track that time using agile+trac? Sounds like a plan to me.I realized it's going to take some time/resources to do this agile nonsense and to explain it to everyone, so why not meta-document and track that time using agile+trac? Sounds like a plan to me.Mike PerryMike Perry