Changes between Version 4 and Version 5 of OpenITPReview/Criteria


Timestamp:
May 8, 2013 12:45:17 PM (6 years ago)
Author:
str4d
Comment:

--

  • OpenITPReview/Criteria

    v4 v5  
    8585=== Privacy and Terms of Service Disposition ===
    8686|| '''Criterion''' || '''Our response''' || '''Do we fulfil this?''' ||
    87 || To what degree does the project (as opposed to tool) come into contact with confidential information? || Some router statistics are publicly published to the netDB for diagnostic purposes; '''what about IPs, router IDs etc. in website logs from updates?''' || ||
     87|| To what degree does the project (as opposed to tool) come into contact with confidential information? || The I2P network operates on is that there are no "trusted" routers/servers, so the project has no direct contact with confidential information. Some router statistics are publicly published to the netDB for diagnostic purposes, and users sometimes post potentially-deanonymizing information as part of bug reports. '''What about IPs, router IDs etc. in website logs from updates?''' || Yes? ||
    8888|| Does the project understand what data they gather about their users and what its privacy and security impacts are? || '''TODO: Check this''' ||  ||
    8989|| What do project policies permit the project to do with the data they gather? || '''TODO: Check this''' ||  ||
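Review bot: The new row 87 opens with a broken sentence, "The I2P network operates on is that there are no "trusted" routers/servers", which appears to have lost its subject; something like "The principle the I2P network operates on is that ..." would read correctly. The same row claims the project has no direct contact with confidential information, then notes that users sometimes post potentially-deanonymizing information in bug reports, and still ends with the open bolded question about IPs and router IDs in website logs from updates. Marking it "Yes?" is premature while that question is unanswered; either leave the third cell empty or state what the website logs record and how long they are kept.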
     
    9292=== Project Continuity ===
    9393|| '''Criterion''' || '''Our response''' || '''Do we fulfil this?''' ||
    94 || Does the project have an active developer base? || Small, but active. || ||
    95 || Does the project have a meaningful revenue or funding model sufficient to cover its costs in the long term? || Donations cover server costs and provide for bounties; many services are run by volunteers. || ||
     94|| Does the project have an active developer base? || Small, but active. || Yes ||
     95|| Does the project have a meaningful revenue or funding model sufficient to cover its costs in the long term? || Donations cover server costs and provide for bounties; many services are run by volunteers. See http://www.i2p2.i2p/halloffame for revenue details. || Yes? ||
    9696|| Does the project have an accurate roadmap that is up to date and has a history of use? || See ''Development Process Transparency'' above. ||
    9797|| Does the project have a public bug tracker? Has the project used their bug tracker over time and kept it accurate? || See ''Development Process Transparency'' above. ||
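Review bot: The funding evidence added to row 95 is a link to http://www.i2p2.i2p/halloffame, an .i2p address that only resolves from inside I2P, so a reviewer reading this page over the regular web cannot check it. Add a clearnet mirror or summarise the figures in the cell. Rows 96 and 97 below still have only two cells, so the "Do we fulfil this?" column is missing for them.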
     
    116116|| '''Criterion''' || '''Our response''' || '''Do we fulfil this?''' ||
    117117|| Has the project been audited before, and if so how code base changed since the previous audit? || No || Yes? ||
    118 || Are their significant known security concerns or has the project had public exploit(s)? || Nothing known? ||  ||
     118|| Are their significant known security concerns or has the project had public exploit(s)? || Future cryptographic weakness (see #856). No known public exploits of I2P itself ('''TODO: Check this'''). ||  ||
    119119|| Is this project implicated in the harm of an at-risk population? || No || Yes ||
    120120|| Is the project written in a high-risk language like C? || Written in Java, so... no? || Maybe? ||
    121 || Is the project's development team relatively inexperienced, especially with security? ||  || ||
     121|| Is the project's development team relatively inexperienced, especially with security? || No active developers have implied having any security background or education. || Yes? ||
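Review bot: In the new row 121 the answer "Yes?" is ambiguous under the column header "Do we fulfil this?": the criterion asks whether the team is relatively inexperienced, and the response says no active developer has implied a security background, so "Yes?" can be read either as "yes, inexperienced" or as "yes, criterion satisfied". Say which is meant. The new row 118 cites "#856" for a future cryptographic weakness without saying what the ticket covers, keeps a "TODO: Check this" and leaves the third cell empty; a one-line summary of the ticket would let the row stand on its own.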