Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2020-06-13T17:40:12Zhttps://gitlab.torproject.org/legacy/trac/-/issues/5689tor-browser-2.2.35-9_en-US.exe infected?2020-06-13T17:40:12ZTractor-browser-2.2.35-9_en-US.exe infected?Centurylink Online Security 9.01 (F-Secure bundled by Centurylink, my ISP) on Windows XP reports that the trojan Gen.Variant.Kazy.25958 is infecting tbb-firefox.exe from the latest bundle listed in the subject line. I verified the signa...Centurylink Online Security 9.01 (F-Secure bundled by Centurylink, my ISP) on Windows XP reports that the trojan Gen.Variant.Kazy.25958 is infecting tbb-firefox.exe from the latest bundle listed in the subject line. I verified the signature on the downloaded file per your instructions and it was OK. I Unzipped the bundle on another virtual machine without the F-Secure product and copied the files to my Linux machine. I scanned the files with Bitdefender for Unices 7.6-4 with the latest definitions. It also indicated the same infection in tbb-firefox.exe
Please advise if there is any additional information I can provide.
**Trac**:
**Username**: taylorkhTorBrowserBundle 2.2.x-stableErinn ClarkErinn Clarkhttps://gitlab.torproject.org/legacy/trac/-/issues/5702please allocate more disk space for the Windows VM2020-06-13T16:45:39ZErinn Clarkplease allocate more disk space for the Windows VMThe current Windows VM (jewel) has 50gb of space allocated to it, but Windows has a folder called winsxs which keeps a bunch of metadata and cannot be deleted. Currently it's at about 19gb, and with all of the software that requires inst...The current Windows VM (jewel) has 50gb of space allocated to it, but Windows has a folder called winsxs which keeps a bunch of metadata and cannot be deleted. Currently it's at about 19gb, and with all of the software that requires installation and building I am running out of space frequently. I'd like to have 100gb more added to it if possible.Andrew LewmanAndrew Lewmanhttps://gitlab.torproject.org/legacy/trac/-/issues/2048Make repository syncing from cupani to jepsonii smarter2020-06-13T16:28:49ZSebastian HahnMake repository syncing from cupani to jepsonii smarterWe currently sync all git repositories from cupani to jepsonii, but instead we should only sync those listed in /srv/git.torproject.org/projects.list on cupani. Also, we should make sure that don't exist on cupani/aren't listed in its pr...We currently sync all git repositories from cupani to jepsonii, but instead we should only sync those listed in /srv/git.torproject.org/projects.list on cupani. Also, we should make sure that don't exist on cupani/aren't listed in its projects.list file anymore are removed on jepsonii, as well.weasel (Peter Palfrader)weasel (Peter Palfrader)https://gitlab.torproject.org/legacy/trac/-/issues/4930bridgedb is not monitored enough by nagios?2020-06-13T10:10:03ZRuna Sandvikbridgedb is not monitored enough by nagios?I have not had any replies from bridges@torproject.org this week, and we've received a few complaints on help@rt.torproject.org as well. Can someone please figure out what's wrong?I have not had any replies from bridges@torproject.org this week, and we've received a few complaints on help@rt.torproject.org as well. Can someone please figure out what's wrong?Andrew LewmanAndrew Lewmanhttps://gitlab.torproject.org/legacy/trac/-/issues/5996Greatly improve usability of GPG for all operating systems2020-06-13T08:06:09ZAndrew LewmanGreatly improve usability of GPG for all operating systemsUsers increasingly are trying to use GPG or PGP to verify our software. This is a great trend to encourage. Unfortunately, the current software available for Windows and OSX is clumsy or non-functional for users. Thandy may replace the n...Users increasingly are trying to use GPG or PGP to verify our software. This is a great trend to encourage. Unfortunately, the current software available for Windows and OSX is clumsy or non-functional for users. Thandy may replace the need for this improvement, but people will still want to verify that thandy does comes from tor.
Help existing projects improve their usability for non-technical users.
Tor is becoming an introduction to GPG/PGP for many people and telling users to 'figure it out' on their own doesn't work so well. It makes users just not verify the software is actually from Tor, or they ask for less secure ways to accomplish the goal, like MD5/SHA-1 hashes of the packages.https://gitlab.torproject.org/legacy/trac/-/issues/5640Please create jobs@torproject.org email list or address2020-06-13T04:37:40ZNick MathewsonPlease create jobs@torproject.org email list or addressWe're going to be looking for a C hacker soon, and we want to give people a place to contact about that. I tried sending an email to jobs@ this morning, but it seems to have bounced. Let's fix that.
The list should have at least the e...We're going to be looking for a C hacker soon, and we want to give people a place to contact about that. I tried sending an email to jobs@ this morning, but it seems to have bounced. Let's fix that.
The list should have at least the executive committee, and possibly other folks who are interested in hiring.
It probably shouldn't be One More Darn Thing that dumps to tor-assistants.weasel (Peter Palfrader)weasel (Peter Palfrader)https://gitlab.torproject.org/legacy/trac/-/issues/5854No deb.torproject.org-keyring in Ubuntu Precise2020-06-13T02:46:02ZRuna SandvikNo deb.torproject.org-keyring in Ubuntu PreciseThe deb.torproject.org-keyring package is not in the list of packages for Ubuntu Precise, so you get a package-not-found error when you try to install it.The deb.torproject.org-keyring package is not in the list of packages for Ubuntu Precise, so you get a package-not-found error when you try to install it.Andrew LewmanAndrew Lewmanhttps://gitlab.torproject.org/legacy/trac/-/issues/4253JTor Missing from Git Repo2020-06-13T02:27:50ZDamian JohnsonJTor Missing from Git RepoEvidently Nathan's copy of JTor [1] is no longer on GitHub, though Kory's is still around [2]. We should either add a copy of JTor to the tor git repo or stop referring to it on the projects page. I'm fine with either, and Roger's happy ...Evidently Nathan's copy of JTor [1] is no longer on GitHub, though Kory's is still around [2]. We should either add a copy of JTor to the tor git repo or stop referring to it on the projects page. I'm fine with either, and Roger's happy with importing.
Cheers! -Damian
[1] https://github.com/brl/JTor
[2] https://github.com/koryk/JTorSebastian HahnSebastian Hahnhttps://gitlab.torproject.org/legacy/trac/-/issues/3884add me to security@2020-06-13T02:19:31ZJacob Appelbaumadd me to security@I'd like to be added to the security@ aliasI'd like to be added to the security@ aliasAndrew LewmanAndrew Lewmanhttps://gitlab.torproject.org/legacy/trac/-/issues/5189Host torstatus (atlas?) instance on the tor site2020-06-13T01:27:15ZDamian JohnsonHost torstatus (atlas?) instance on the tor siteKarsten and hellais recently made a sweet, new torstatus site. Currently both the code and site are hosted on github. I've filed tickets (#5187 and #5188) for moving the codebases and this is the ticket for setting up the VMs on tor's in...Karsten and hellais recently made a sweet, new torstatus site. Currently both the code and site are hosted on github. I've filed tickets (#5187 and #5188) for moving the codebases and this is the ticket for setting up the VMs on tor's infrastructure.
Ideally we'd be adding 'onionoo.torproject.org' for the API and 'atlas.torproject.org' for the torstatus (maybe renamed to atlas?) instance.
After those are up we should change three pages to link to it...
- Volunteer project table.
- Projects page, which currently links to blutmagie.
- Tor's homepage which also links to blutmagie. We should be cautious about this one since we're not sure yet if it'll scale.
Cheers! -DamianArturo FilastòArturo Filastòhttps://gitlab.torproject.org/legacy/trac/-/issues/5921Anonymous donation available?2020-06-13T01:13:23ZcypherpunksAnonymous donation available?Hello Tor folk!
I am wondering wether it is possible to donate anonymously to the Tor Project.
Could you please tell me how I can manage to give money to your organization without being tracked, especially when located in Europe.
Furt...Hello Tor folk!
I am wondering wether it is possible to donate anonymously to the Tor Project.
Could you please tell me how I can manage to give money to your organization without being tracked, especially when located in Europe.
Furthermore, is it helpful for you if people donate to torservers.net?
Thank you very much indeed for your attention!Andrew LewmanAndrew Lewmanhttps://gitlab.torproject.org/legacy/trac/-/issues/2296Create a small document that explains who to contact for security stuff2020-06-13T01:02:55ZJacob AppelbaumCreate a small document that explains who to contact for security stuffWe need to collect a small set of email addresses, gpg keys, and other information about notification of security important related updates.
For Debian - we contact Peter
For Ubuntu - we contact Jacob
For OpenWRT - we contact Jacob
For ...We need to collect a small set of email addresses, gpg keys, and other information about notification of security important related updates.
For Debian - we contact Peter
For Ubuntu - we contact Jacob
For OpenWRT - we contact Jacob
For Android - we contact Nathan and Helix
For Windows - we contact Helix
For Redhat - we contact ???
For Gentoo - we contact ???
For other distros - do we want to to contact vendor-sec and call it a day?Deliverable-Mar2011Jacob AppelbaumJacob Appelbaumhttps://gitlab.torproject.org/legacy/trac/-/issues/2443Remove Torbutton from addons.mozilla.org2020-06-13T01:02:42ZRobert RansomRemove Torbutton from addons.mozilla.orgCurrently, Torbutton is [available from addons.mozilla.org](https://addons.mozilla.org/en-US/firefox/addon/torbutton/). This listing must be removed for several reasons:
1. Nothing currently shown on the page indicates that users must ...Currently, Torbutton is [available from addons.mozilla.org](https://addons.mozilla.org/en-US/firefox/addon/torbutton/). This listing must be removed for several reasons:
1. Nothing currently shown on the page indicates that users must download, install, and run Tor in order to use Torbutton. Multiple people have been confused by this fact.
2. According to [Mozilla's privacy policy](https://www.mozilla.com/en-US/privacy-policy.html) (currently last updated June 30, 2010), addons.mozilla.org records in its logs client IP addresses and times of accesses to the site. Mozilla does not consider even IP addresses to be personally identifying information, and states that it may share the logs it collects with 'employees, contractors, service providers, and subsidiaries and related organizations'. They do not state how long these logs are preserved, or in which jurisdictions the people and organizations with access to the logs are located.
3. The description of Torbutton is long out of date (e.g. it links to bugs.tpo/flyspray for bug reports). I assume this means that we cannot update the description without significant effort.
Once the a.m.o listing is removed, we should announce the change and explain the reasons for it in a blog post.Mike PerryMike Perryhttps://gitlab.torproject.org/legacy/trac/-/issues/5188Move onionoo to tor's git2020-06-13T00:56:37ZDamian JohnsonMove onionoo to tor's gitSpoke with Karsten and it would be nice to start moving onionoo to tor's infrastructure (and yes, it's kinda related to #5187). Assigning to Karsten first for approval and a description for gitweb.
https://github.com/kloesing/OnionooSpoke with Karsten and it would be nice to start moving onionoo to tor's infrastructure (and yes, it's kinda related to #5187). Assigning to Karsten first for approval and a description for gitweb.
https://github.com/kloesing/OnionooKarsten LoesingKarsten Loesinghttps://gitlab.torproject.org/legacy/trac/-/issues/5187Move new torstatus (atlas?) to git2020-06-13T00:56:36ZDamian JohnsonMove new torstatus (atlas?) to gitI've spoken to hellais and it would be nice if we started moving the new (third) TorStatus to tor's infrastructure. The first step would be to move it into tor's git repo.
This looks like it'll be non-trivial since multiple projects are...I've spoken to hellais and it would be nice if we started moving the new (third) TorStatus to tor's infrastructure. The first step would be to move it into tor's git repo.
This looks like it'll be non-trivial since multiple projects are subdirectories in the 'hellais.github.com' repository so my guess is that keeping history will be a no-go. That said, maybe I'm misunderstanding GitHub or Sebastian knows some gitfu to pluck it out.
https://github.com/hellais/hellais.github.com/tree/master/TorStatus
Also, it's confusing to keep calling each new incarnation 'TorStatus' (this is the third one), so Karsten and I have proposed renaming it to Atlas. We'd then also host it under 'atlas.torproject.org'. Other suggestions are welcome.
Assigning to hellais first for approval and a description for the git repository.Sebastian HahnSebastian Hahnhttps://gitlab.torproject.org/legacy/trac/-/issues/3294Please create an ldap account for dcf2020-06-13T00:37:34ZRoger DingledinePlease create an ldap account for dcfname (first/middle/last): David Fifield
preferred username: dcf
forwarding email address: david at bamsoftware dot com
pgp key fingerprint: 4EA3 354B D62E BFD2 2554 C70A 0A9D EEFA 9F14 30E3
I signed his pgp key.name (first/middle/last): David Fifield
preferred username: dcf
forwarding email address: david at bamsoftware dot com
pgp key fingerprint: 4EA3 354B D62E BFD2 2554 C70A 0A9D EEFA 9F14 30E3
I signed his pgp key.weasel (Peter Palfrader)weasel (Peter Palfrader)https://gitlab.torproject.org/legacy/trac/-/issues/3853Support email flooding tor-assistants2020-06-13T00:30:32ZDamian JohnsonSupport email flooding tor-assistantsOk, I'm not sure if a ticket will help get the ball rolling but it's worth a shot. As everyone on tor-assistants@ knows we've been getting a flood of support email. This is most Persian, missing a subject, or otherwise easily identifiabl...Ok, I'm not sure if a ticket will help get the ball rolling but it's worth a shot. As everyone on tor-assistants@ knows we've been getting a flood of support email. This is most Persian, missing a subject, or otherwise easily identifiable but by now it's numbering in the thousands.
Considering the number of people on tor-assistants@ this is collectively soaking up a lot of time. What I understand from asking about this last week is that making a support list was blocked on getting a ticketing system, which was blocked on getting a vm, which was blocked on hardware... and that seemed like a very odd reason to not make an email list. :)
Could we please move forward with making a support@ list and shifting common sources of support queries (like get-tor) to use it?https://gitlab.torproject.org/legacy/trac/-/issues/1697Migrate or-talk, tor-relays, or-cvs, or-dev mailings lists to torproject.org2020-06-13T00:26:17ZAndrew LewmanMigrate or-talk, tor-relays, or-cvs, or-dev mailings lists to torproject.orgWe should be running our own mailing lists @torproject.org domain, with automatic archiving and such.We should be running our own mailing lists @torproject.org domain, with automatic archiving and such.Andrew LewmanAndrew Lewmanhttps://gitlab.torproject.org/legacy/trac/-/issues/1986migrate vidalia's trac into tor's trac2020-06-13T00:07:35ZRoger Dingledinemigrate vidalia's trac into tor's tracVidalia's bugs are getting lonely because people don't look at them much.
If they were in tor's trac, I would help prioritize them and nag people to fix the important usability issues.
Bug we don't just want to import all the vidalia t...Vidalia's bugs are getting lonely because people don't look at them much.
If they were in tor's trac, I would help prioritize them and nag people to fix the important usability issues.
Bug we don't just want to import all the vidalia trac entries into our trac, because the numbers won't line up.
Maybe the best answer is to let the old trac die, and put it up somewhere in a read-only way, and add a new Vidalia component to our trac and cherry-pick the bugs we want to keep active?weasel (Peter Palfrader)weasel (Peter Palfrader)https://gitlab.torproject.org/legacy/trac/-/issues/2514Document an iteration and write up a rosetta stone for reports2020-06-13T00:03:31ZMike PerryDocument an iteration and write up a rosetta stone for reportsI realized it's going to take some time/resources to do this agile nonsense and to explain it to everyone, so why not meta-document and track that time using agile+trac? Sounds like a plan to me.I realized it's going to take some time/resources to do this agile nonsense and to explain it to everyone, so why not meta-document and track that time using agile+trac? Sounds like a plan to me.Mike PerryMike Perry