[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #20431 [Core Tor/DirAuth]: do not recommend vulnerable tor versions - update "recommended versions"

Subject: Re: [tor-bugs] #20431 [Core Tor/DirAuth]: do not recommend vulnerable tor versions - update "recommended versions"
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Mon, 24 Oct 2016 03:30:51 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 23 Oct 2016 23:31:01 -0400
In-reply-to: <051.3bf105b3394bd50b14362283f2336032@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <051.3bf105b3394bd50b14362283f2336032@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#20431: do not recommend vulnerable tor versions - update "recommended versions"
------------------------------+---------------------
 Reporter:  cypherpunks       |          Owner:
     Type:  defect            |         Status:  new
 Priority:  Medium            |      Milestone:
Component:  Core Tor/DirAuth  |        Version:
 Severity:  Normal            |     Resolution:
 Keywords:                    |  Actual Points:
Parent ID:                    |         Points:
 Reviewer:                    |        Sponsor:
------------------------------+---------------------

Comment (by teor):

 Let's take a step back here:

 The last time we removed recommended versions, it was because they simply
 would not work: they did not believe enough current directory authorities.
 This seems to me to be a sensible criterion: "will it function?"

 What are our general guidelines for setting recommended versions?
 I suggest that "is it a severe enough bug?" could be another.

 Does #20384 rise to the level that we should stop recommending every
 version that doesn't have it? It could be, because it affects many clients
 in some way. But have we done this in the past for bugs of similar
 severity? I'm not sure.

 And, finally, if we do decide we want to eliminate all non-patched
 versions, should we then increment the minor release version, so we can
 recommend versions that definitely have this fix? (It may be too late to
 do this now.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20431#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #20431 [Core Tor/DirAuth]: do not recommend vulnerable tor versions - update "recommended versions"
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #20379 [Applications/Tor Browser]: Can't initially connect to bridges after new network connection
Next by Author: Re: [tor-bugs] #20281 [Internal Services/Tor Sysadmin Team]: Please make the following user accounts for GiantRabbit
Previous by thread: Re: [tor-bugs] #20431 [Core Tor/DirAuth]: do not recommend vulnerable tor versions - update "recommended versions"
Next by thread: Re: [tor-bugs] #20431 [Core Tor/DirAuth]: do not recommend vulnerable tor versions - update "recommended versions"
Index(es):
- Author
- Thread