[Tor-BSD] OpenBSD testers neededFw: fix security issue in -stable for net/tor

Daniel Jakots vigdis+tor at chown.me
Wed Dec 13 16:22:13 EST 2017


On Thu, 14 Dec 2017 08:09:04 +1100, teor <teor2345 at gmail.com> wrote:

> > Now Tor is going to remove the affected relays for the networks so
> > updating is really mandatory :p  
> 
> Where did you hear this?

I thought I read in on a Tor Mailing list, but I couldn't find it. In
fact it appears to be 
https://twitter.com/nusenu_/status/940327665323708416

did I misunderstand the tweet?

I also noticed it on
https://atlas.torproject.org/#details/C9F8F2219CC39BA9CD965517AE855FF7FFD99D0C
 
> We usually don't remove relays from the network unless they are
> actively causing severe issues for clients. The last time we did this
> for a particular tor version was back in 0.2.9 due to a bad directory
> cache bug.
> 
> As far as I know, there are no plans to remove older relays from the
> network.
>
> Instead, we will mark them as "not recommended" in Relay Search,
> and the relays themselves will warn about their old version in their
> logs.

So what does the "not recommended" mark? Just a hint that you should
update?

> It's still important to update to protect users :-)
> 
> > Here's a diff to update the ports. Ports compiled tested only so
> > tests report welcome.  
> 
> Running "make check" runs Tor's test suite.
> It's worth doing for a new version.

Sure, but real life testing doesn't hurt ;)

============================================================================
Testsuite summary for tor 0.3.0.13
============================================================================
# TOTAL: 17
# PASS:  12
# SKIP:  5
[...]

Cheers,
Daniel



More information about the Tor-BSD mailing list