Paying Tomasz Wasilczyk for security improvements

Mark Doliner mark at
Tue Mar 5 01:54:28 EST 2013

On Sat, Mar 2, 2013 at 5:56 PM, Tomasz Wasilczyk
<tomkiewicz.groups at> wrote:
> We (I mean, me and someone from Google) clarified some aspects of this
> agreement. At first, Google won't direct the work - it's up to IMF to
> decide, what is important in the context of improving security. Still,
> they will be happy to discuss or advise on the work. I think it will
> be kind, if I will address every issue they point out at first place.

I think the next step is for us to determine an appropriate list of
tasks for you to work on.  The only one on my list is:
- Evaluate current master-password branch, merge in changes from main,
finish anything that needs finishing, merge into main.  (I'd prefer
these changes not go into 2.x.y... but it's certainly open for
discussion if people think that's a good idea.)

Anyone else have any security-related bug fixes or improvements they
would like to see?

> I wish there would be any primary contact person from IMF for this
> work. He could quickly decide, if certain task fits into scope of
> whole security-related work. Also, he could assign me to any task that
> have to be done on this topic. But this is only my wish and I can cope
> without it.

I think this is a good idea.  And I'm willing to be your contact
person.  I'm a Google employee though, so there is a little conflict
of interest.  If people care about this and Ethan or John want to be
the contact person instead, that's totally cool with me.

More information about the Discussion mailing list