[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: tor removed from ubuntu jaunty



On Sun, Apr 19, 2009 at 11:24:01AM -0500, Matt LaPlante wrote:
> A heads-up for fellow Ubuntu users: The tor package has been removed
> from Ubuntu Jaunty due to lack of maintainership.
> 
> https://lists.ubuntu.com/archives/ubuntu-devel-discuss/2009-April/007866.html

Yep. You can read a lot more about it here:
https://bugs.launchpad.net/ubuntu/+source/tor/+bug/328442
and back from 2007 here:
http://www.mailinglistarchive.com/ubuntu-devel@xxxxxxxxxxxxxxxx/msg24404.html

Ubuntu hardy and intrepid are still shipping known-remote-vulnerable
versions of Tor. The version they have in Intrepid is even
known-remote-root-vulnerable. And they still haven't gotten around to
fixing it.

If you're going to include Tor in your distribution, you really have
to maintain it. Since Ubuntu doesn't maintain packages in its Universe,
it seemed like the smartest move to make sure we don't keep having this
problem with every new Ubuntu version.

You can find well-maintained Ubuntu packages here:
https://wiki.torproject.org/noreply/TheOnionRouter/TorOnDebian

I presume we'll put up jaunty packages when jaunty goes stable. In the
mean time, I hear the intrepid packages work fine on jaunty. (Let me
know if that's wrong, and I'll ask Peter to consider setting up a jaunty
build environment sooner.)

Thanks,
--Roger