[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Out-of-date Tors (was Re: 25 tbreg relays in directory)

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Out-of-date Tors (was Re: 25 tbreg relays in directory)
From: Sebastian Hahn <mail@xxxxxxxxxxxxxxxxx>
Date: Tue, 26 May 2009 13:24:58 +0200
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Tue, 26 May 2009 07:25:04 -0400
In-reply-to: <f0eeea310905252335t5e0188a6u69432e176407a971@xxxxxxxxxxxxxx>
References: <200904280457.n3S4vHLN012085@xxxxxxxxxxxxx> <20090525205933.GB4630@xxxxxxxxxxxxxx> <bdf035950d64b0a6c48826bf0254a412@xxxxxxxxxxxxxxxxxx> <f0eeea310905252335t5e0188a6u69432e176407a971@xxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On May 26, 2009, at 8:35 AM, Nils Vogels wrote:

On Tue, May 26, 2009 at 4:04 AM,  <scream@xxxxxxxxxxxxxxxxxx> wrote:
On Mon, 25 May 2009 16:59:33 -0400, Roger Dingledine <arma@xxxxxxx>wrote:
<snip>
But you're right, this is a real problem. Some of our users useLinux
packaging systems that keep them mostly up to date. But some are on
Ubuntu
(...insert expletives here). And some are on BSD, which eitherprovides
no easy upgrades, or the users don't use them.
<snip>
Has this been discussed with the Ubuntu packagers? Is there a linkto thediscussion I can read... I'm a user of Ubuntu and would be veryinterested
in being able to update via apt (repository).
Same here!

I am using Ubuntu from apt (but only as a client), and if needed I
could also provide updates. I used to be a package maintainer for
FreeBSD, but have moved completely off to Linux these days.

If the packagers need some help or are in time constraints, feel free
to drop me a line.

Grtz!


The problem with Ubuntu can be followed by reading https://bugs.launchpad.net/ubuntu/intrepid/+source/tor/+bug/328442

In short: Tor provides working Ubuntu packages in the noreplyrepositories, so users can simply use those to get working, up-to-date, secure versions. Because Tor is in Ubuntu Universe, no securityupdates are provided by Ubuntu itself, meaning that Ubuntu used toship remote-root vulnerable versions of Tor for a long time, eventhough they were informed about the problem and could simply haveadopted the packages from noreply. As it stands, I personally deem anypackage in Ubuntu universe as a great risk to anyones computersecurity, since updates are not provided in a timely manner. Thatbeing said, I'm very happy with the current situation (Tor beingremoved from Ubuntu, while users can install packages from noreplywithout any trouble to get the latest version of Tor).Please see https://wiki.torproject.org/noreply/TheOnionRouter/TorOnDebianif you want to learn more.


Sebastian

-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAkob0YoACgkQCADWu989zuYTXgCgv81g1FMVpADa9CmHC7gDovLt
A2gAoJFG16H3clai4PCs5QMruKZX6d/x
=PjMT
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: Out-of-date Tors (was Re: 25 tbreg relays in directory)
  - From: Runa Sandvik

References:
- Out-of-date Tors (was Re: 25 tbreg relays in directory)
  - From: Roger Dingledine
- Re: Out-of-date Tors (was Re: 25 tbreg relays in directory)
  - From: scream
- Re: Out-of-date Tors (was Re: 25 tbreg relays in directory)
  - From: Nils Vogels

Prev by Author: Re: Out-of-date Tors (was Re: 25 tbreg relays in directory)
Next by Author: Re: A tor error message prior to crash
Previous by thread: Re: Out-of-date Tors (was Re: 25 tbreg relays in directory)
Next by thread: Re: Out-of-date Tors (was Re: 25 tbreg relays in directory)
Index(es):
- Author
- Thread