On 14-08-30 07:31 AM, Patrick Schleizer wrote: > Cypher: >> On 08/24/2014 09:43 PM, Michael Wolf wrote: >> The article was very interesting - except the part about 'here's how you >> might want to fix this'. I certainly hope that the Tor project /is not/ >> accepting patches submitted by NSA or GCHQ! Sure, I realize those >> agencies could very easily embed someone within the project (in fact, >> don't a few of the Tor project folks work in intel?) but developing a >> trusting relationship by accepting patches just seems like a bad idea to me. > > How would they know the patches are made by someone paid by NSA or GCHQ? > If they reject patches with the reason "made by NSA or GCHQ", I would > assume that they will create a number of fake identities [if they don't > already have them in abundance] and submit patches using fake identities > by then.
There are several pseudonymous development sponsors (named only by single letters). Any of them could be GCHQ or NSA or one of their front agencies. It doesnt matter - all of the code remains open source and the developers have their own public reputation to maintain. It is counter-productuve to complain about contributors' backgrounds. Instead, concerned people could put efforts into forming an independent, funded group to audit the code and find/fix problems. Everything i've heard from Tor Project indicates to me they would welcome that sort of contribution. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
