Hi all, > On 6 Sep 2019, at 12:20, Mike Perry <mikeperry@xxxxxxxxxxxxxx> wrote: > > Roman Mamedov: >> >> On Thu, 05 Sep 2019 02:11:00 +0000 >> Mike Perry <mikeperry@xxxxxxxxxxxxxx> wrote: >> >>> 1. "I didn't know that Debian's backports repo has latest-stable Tor!" >> >> I only looked to backports when I get a warning on the metrics website that my >> versions are not recommended. Aside from that, I thought that running LTS on >> relays is actually beneficial, to prevent any newly introduced bugs in the >> current latest versions from having an impact on the network infrastructure. > > We are moving towards relying on CI for finding functional bugs, and > code review and static analysis for security issues. > > I don't believe that current LTS periods of time will necessarily > provide better results for either of these classes of risk than > investing in better CI and in other forms of diversity than just release > version. > > However, I could see a middle ground where we shorten LTS timescales for > the relay side, but don't eliminate them, as we work towards where we > want to be with CI and security issue risk reduction (or other forms of > diversity). We also have long-term support so that popular software distributions can have a supported version of Tor. (Debian, Ubuntu, and ideally some non-Linux distributions, if they become popular in future.) So it's not just risk that determines our current LTS timeframes. T
Attachment:
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays