Skip to content

GitLab

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Closed (moved)
Opened by Georg Koppen@gk

Keep track of security updates to parts of Tor Browser

Tor Browser is actually bundle containing a bunch of software pieces like Firefox, Tor, NoScript, OpenSSL. For some of those pieces (like Firefox, Tor, NoScript) there is a way to keep track of security issues and their fixes, be it due to code inspection and notification or, kind of, due to automatic updates as in the NoScript case. But that does not hold for every piece of the bundle.

We should two things to have at least a better overview about potential security issues we want to fix:

a) We need to come up with all the parts of the bundle parts we think we should track for security issues.

b) We need to actually track those pieces.

Mozilla had a third-party library alert tjr worked on a while back, which we might be able to look at for help.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information