Skip to content
GitLab
  • Menu
Projects Groups Snippets
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • T tor-browser-build
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 219
    • Issues 219
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 11
    • Merge requests 11
  • Deployments
    • Deployments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • Repository
  • Wiki
    • Wiki
  • Activity
  • Graph
  • Create a new issue
  • Commits
  • Issue Boards
Collapse sidebar
  • The Tor Project
  • Applications
  • tor-browser-build
  • Issues
  • #40123
Closed
Open
Created Jan 08, 2020 by Georg Koppen@gkDeveloper

Keep track of security updates to parts of Tor Browser

Tor Browser is actually a bundle containing a bunch of software pieces like Firefox, Tor, NoScript, OpenSSL. For some of those pieces (like Firefox, Tor, NoScript) there is a way to keep track of security issues and their fixes, be it due to code inspection and notification or, kind of, due to automatic updates as in the NoScript case. But that does not hold for every piece of the bundle.

We should do two things to have at least a better overview about potential security issues we want to fix:

a) We need to come up with all of the bundle parts we think we should track for security issues.

b) We need to actually track those pieces.

Mozilla had a third-party library alert tjr worked on a while back, which we might be able to look at for help.

Edited Oct 09, 2020 by Georg Koppen
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking