[Tor-BSD] OpenBSD testers neededFw: fix security issue in -stable for net/tor
George Rosamond
george at ceetonetechnology.com
Wed Dec 13 18:39:00 EST 2017
teor:
>
> On 14 Dec 2017, at 08:22, Daniel Jakots <vigdis+tor at chown.me> wrote:
>
>>> We usually don't remove relays from the network unless they are
>>> actively causing severe issues for clients. The last time we did this
>>> for a particular tor version was back in 0.2.9 due to a bad directory
>>> cache bug.
>>>
>>> As far as I know, there are no plans to remove older relays from the
>>> network.
>>>
>>> Instead, we will mark them as "not recommended" in Relay Search,
>>> and the relays themselves will warn about their old version in their
>>> logs.
>>
>> So what does the "not recommended" mark? Just a hint that you should
>> update?
>
> Yes, just a hint to update.
>
> We also declare major version series unsupported.
> (Like 0.2.7 earlier this year, or 0.2.8 and 0.3.0 in January.)
> Then they stop receiving security patches.
AFAIK, it was just a "Tor out of date" type message out of syslog.
I manually updated the port to 0.3.1.9 for two nodes on OpenBSD -stable,
and was going to do a diff.
But as these are both small embedded boxes and I have dedicated
${TORDATADIR} partitions on each, Tor jumped in disk usage and bombed
out both bridges.
On that note, what is the maximum Tor data dir everyone is seeing,
regardless of OS? I have up to 222M on one relay that's on 0.3.1.9.
Thanks for jumping on it DJ. Backporting *really* matters for the Tor
stuff.
g
More information about the Tor-BSD
mailing list