[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] RFC: Tor long-term support policy

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] RFC: Tor long-term support policy
From: teor <teor2345@xxxxxxxxx>
Date: Wed, 18 Jan 2017 16:05:40 +1100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 18 Jan 2017 03:38:14 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:mime-version:subject:date:references:to:in-reply-to:message-id; bh=xrtxPjunbMhiJ/wXpxSgcDJPV4/Zhj1u8FMEFRvsyMw=; b=NKLFj2qQPnChv6A5Yunl7MJwaRyIUB2Jq0AnPyju16NC9aTEH20xJ+8VXK182+5q3x amLlSwW11OQTweRjO0yc/ToPcVW+H1HcnEOPiNiV3UtdPjSzdEeZFahM92HFWfrwV/UM AYl2ht5lvxJnoar+2/hIu+l/cqDj/StWBdFeysFGS2IqF2RhwD5DPIoKDjbfkHxVLVg3 eCoqoGH++dM73QksFGDIKQ1daOXeGVHgR8MK523bQWl1KB1Q897Up8R2/FMwTe6qPBcS m97b5+4rRSK62IV+YytC1krR5qIR0OvLORA2sXZOs1XNPUOIAzuY7Qcz0b4XsGfmWIdP NQeA==
In-reply-to: <c3216f45-9c5c-1a3f-d9a7-cda400349098@openmailbox.org>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <CAKDKvuxnmYLbCMWjm0sGt==rVrRszdPjB3Zq8CGfyQn-=-TCdg@mail.gmail.com> <c3216f45-9c5c-1a3f-d9a7-cda400349098@openmailbox.org>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

> On 18 Jan 2017, at 09:22, nusenu <nusenu@xxxxxxxxxxxxxxx> wrote:
> 
>> == Plan for current releases ==
>> 
>> 0.2.4.x, 0.2.6.x, and 0.2.7.x, will all receive at least one more
>>   stable release.  Support for them will end on 1 August 2017.
>> 
>> 0.2.8.x will be supported until 1 January 2018.
>> 
>> 0.2.5.x is retroactively declared an LTS release, and will be
>>   supported until 1 May 2018.
>> 
>> 0.2.9.x is an LTS release, and will be supported until at least
>>   1 January 2020.
> 
> I'm glad to see such a policy.
> 
> Maybe be more verbose on when tor dir auths plan to remove EOL tor
> relays from consensus?

If we do this, we should mention client versions as well.

Typically, this is a decision made by the directory authority operators
in consultation with the tor (network daemon) team.

Sometimes, as was the case with early point releases of 0.2.4 and 0.2.5,
we stop recommending tor versions because they no longer believe a
sufficient number of current directory authority keys.

At other times (as is the case with all but the most recent 0.2.4 to
0.2.9 releases), we stop recommending tor versions because they are not
secure - that is, there is a known high-severity issue in those
versions. (Or, perhaps, an important security improvement only
present in newer versions.)

If neither of these conditions apply, then we have to make a judgement
call on when relays or clients are "too old". In practice, we've just
tended to keep relays around until they fail one of the above checks.

I suggest that we stop recommending versions after we stop supporting
them. I'm not sure if we should delay this a few months after EOL.

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
------------------------------------------------------------------------

Attachment: signature.asc
Description: Message signed with OpenPGP

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

References:
- [tor-dev] RFC: Tor long-term support policy
  - From: Nick Mathewson
- Re: [tor-dev] RFC: Tor long-term support policy
  - From: nusenu

Prev by Author: Re: [tor-dev] log: ORPort/DirPort address does not match descriptor address
Next by Author: [tor-dev] Release: sandboxed-tor-browser-0.0.3
Previous by thread: Re: [tor-dev] RFC: Tor long-term support policy
Next by thread: [tor-dev] [collector] CollecTor Release 1.1.2
Index(es):
- Author
- Thread