[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: tor removed from ubuntu jaunty



On Apr 19, 2009, at 5:28 PM, Roger Dingledine wrote:
> Ubuntu hardy and intrepid are still shipping known-remote-vulnerable
> versions of Tor. The version they have in Intrepid is even
> known-remote-root-vulnerable. And they still haven't gotten around to
> fixing it.

Ubuntu has this strange way of maintaining the packages in hardy and
intrepid. It seems like you have to request a backport if you want a
new version of package foo. You then have to build this package on the
distro you wish to backport it to, test it and then include the
results in the bug report. Loop this for every new release of package
foo.

No one had requested a backport to hardy and intrepid _with_ the
documentation necessary. I know that it was pointed out that the tor
project does have packages ready for both hardy and intrepid, but it
seemed like the developers wanted someone to "officially" build,
install and test the packages, as well as test for regressions etc.

Also, Martin Pitt said that he would sponsor the packages for hardy
and intrepid soon, and care about the rest. It seems like things are
moving forward, slowly. Those interested can follow the bug report in
Launchpad: https://bugs.launchpad.net/ubuntu/+source/tor/+bug/328442

- Runa