Paying Tomasz Wasilczyk for security improvements

Thijs Alkemade me at
Tue Mar 5 05:12:26 EST 2013

On Mon, Mar 04, 2013 at 10:54:28PM -0800, Mark Doliner wrote:
> On Sat, Mar 2, 2013 at 5:56 PM, Tomasz Wasilczyk
> <tomkiewicz.groups at> wrote:
> > We (I mean, me and someone from Google) clarified some aspects of this
> > agreement. At first, Google won't direct the work - it's up to IMF to
> > decide, what is important in the context of improving security. Still,
> > they will be happy to discuss or advise on the work. I think it will
> > be kind, if I will address every issue they point out at first place.
> I think the next step is for us to determine an appropriate list of
> tasks for you to work on.  The only one on my list is:
> - Evaluate current master-password branch, merge in changes from main,
> finish anything that needs finishing, merge into main.  (I'd prefer
> these changes not go into 2.x.y... but it's certainly open for
> discussion if people think that's a good idea.)
> Anyone else have any security-related bug fixes or improvements they
> would like to see?

If I may do a suggestion: Lucas Fisher's ssl_client_auth branch has been 
awaiting review for a long time and is very much related to improving 
security. It might even have some overlap with the master-password branch 
(it adds a certificate and key store).

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 938 bytes
Desc: not available
URL: <>

More information about the Discussion mailing list