Skip to content

GitLab

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Open
Created by Georg Koppen@gkDeveloper

Keep track of security updates to parts of Tor Browser

Tor Browser is actually a bundle containing a bunch of software pieces like Firefox, Tor, NoScript, OpenSSL. For some of those pieces (like Firefox, Tor, NoScript) there is a way to keep track of security issues and their fixes, be it due to code inspection and notification or, kind of, due to automatic updates as in the NoScript case. But that does not hold for every piece of the bundle.

We should do two things to have at least a better overview about potential security issues we want to fix:

a) We need to come up with all of the bundle parts we think we should track for security issues.

b) We need to actually track those pieces.

Mozilla had a third-party library alert tjr worked on a while back, which we might be able to look at for help.

Edited by Georg Koppen
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information