On Sat, Nov 23, 2013 at 02:22:48PM +0000, Mark McCarron wrote: > How about a certification program? A company can donate some > funds to have their product evaluated and if successful gain > "TOR Certified" status. It would stop all this nonsense and > provide everyone the opportunity to request specific features > or amendments to designs.
I would imagine such a certificate to be quite misleading. Even professional code audits never catch all bugs. So it would only be a matter of time until one of these "Tor certified" products would fail horribly which would then provoke reactions along the lines of "but... it was certified?". Also, audits are one time snapshots. The very first commit after the certification process might already introduce new bugs. Cheers, Philipp -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
