[Tor-BSD] OpenBSD testers neededFw: fix security issue in -stable for net/tor

Vinícius Zavam egypcio at googlemail.com
Sun Dec 17 11:29:19 EST 2017


2017-12-14 20:39 GMT+00:00 Daniel Jakots <vigdis+tor at chown.me>:
>
> On Wed, 13 Dec 2017 23:39:00 +0000, George Rosamond
> <george at ceetonetechnology.com> wrote:
>
> > teor:
> > >
> > > On 14 Dec 2017, at 08:22, Daniel Jakots <vigdis+tor at chown.me> wrote:
> > >> So what does the "not recommended" mark? Just a hint that you
> > >> should update?
> > >
> > > Yes, just a hint to update.

hi! global south (relays/bridges operator) speaking here.

> > > We also declare major version series unsupported.
> > > (Like 0.2.7 earlier this year, or 0.2.8 and 0.3.0 in January.)
> > > Then they stop receiving security patches.
>
> Thanks, I sent a head-up to ports at openbsd about it.

would also say thank you for all the time and effort/concern on making the
network a better place :3

> > AFAIK, it was just a "Tor out of date" type message out of syslog.
> >
> > I manually updated the port to 0.3.1.9 for two nodes on OpenBSD
> > -stable, and was going to do a diff.

isn't a big red exclamation point and a legend of "not recommended" too
scary for people/newcomers visiting Atlas (Relay Search)? I mean; there are
some cases where one can look at this "warning" as something pretty evil.
no? can easily lead to misinterpretation for non english speakers too.

we can picture this situation quite fast: after a talk or a meetup about
Tor some people from the audience would have a look at Atlas and might see
this flag like "avoid this node" or "do not use such a relay".

for people that are kind in touch with Tor like we are, it sounds silly but
some people do not read or understand it quite well. it can be confuse.
or... how can we say "oh! that *not recommended* flag doesn't matter, just
use it" ? (creepy? how to build trust based on such arguments/comments?)

> This kind of update can't be done on -stable as we try to minimize as
> much as possible the diffs that get in.
>
> > Thanks for jumping on it DJ.  Backporting *really* matters for the Tor
> > stuff.
>
> I'm happy to do it ;)
>
> Cheers,
> Daniel


--
Vinícius Zavam
keybase.io/egypcio/key.asc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nycbug.org/pipermail/tor-bsd/attachments/20171217/82cbc0e9/attachment.html>


More information about the Tor-BSD mailing list