[Tor-BSD] Security releases tomorrow for Tor & how to push updated ports faster
clematis
clematis at insiberia.net
Thu Nov 30 15:45:40 EST 2017
Hello,
I bet most of you have also subscribed to the tor-talk lists, but as I
wanted to ask here about the process to help testing and pushing faster
update to the OpenBSD ports for both tor and the tor-browser, I though I
would forward that information below. This could be a 'test case' to see how
long it would take to get the ports updated and how many steps are
required. (If someone could document this it would surely help).
Following a quick chat with attila it sounded like there's some
bottleneck in the process that induce some serious latency.
How could we improve this?
----- Forwarded message from Nick Mathewson <nickm at torproject.org> -----
Date: Thu, 30 Nov 2017 12:00:49 -0500
From: Nick Mathewson <nickm at torproject.org>
To: "tor-talk at lists.torproject.org" <tor-talk at lists.torproject.org>
Subject: [tor-talk] Security releases tomorrow for Tor
Hello!
I'm sending this message to announce that we will be releasing new
stable and versions of Tor tomorrow, to fix 5 security bugs. I
apologise for the short notice; we've had to move up our intended
release date in order to try to match with release deadlines for
downstream projects.
We have classified 3 of these bugs as Medium and 2 as High, per draft
security process at
https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/SecurityPolicy
. The most serious bugs are a pair of denial-of-service issues, which
we treat as high security because of the possibility of escalating
them for traffic-analysis purposes.
Note that only the following series are supported, and only they will
receive updates: 0.2.5, 0.2.8, 0.2.9, 0.3.0, 0.3.1, and 0.3.2. 0.2.8
and 0.3.0 will become unsupported in January; 0.2.5 will become
unsupported in May.
best wishes,
--
Nick
--
tor-talk mailing list - tor-talk at lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
----- End forwarded message -----
Thanks,
--
clematis (0x7e96fd2400fe7b59)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://lists.nycbug.org/pipermail/tor-bsd/attachments/20171130/e8871bca/attachment.bin>
More information about the Tor-BSD
mailing list