
[tor-relays] Re: Accelerated depreciation of older versions?




> On Nov 19, 2025, at 7:31 AM, Sebastian Hahn via tor-relays <tor-relays@xxxxxxxxxxxxxxxxxxxx> wrote:
> 
> 
> I'm one of the people responsible for flagging old versions as a
> dirauth operator. Please do not treat this flagging as anything
> more than a friendly nudge to update. If there are more serious
> issues or the version is so outdated that it isn't maintained
> anymore at all, we can exclude the relays from the consensus as a
> more drastic measure.
> 
> Ideally, your distribution updates quickly, you notice that
> automatically, and then apply the update soon.

Except the problem:  When you flag an old version then the client appears to no longer accept it as a guard node (it is how I noticed).

By doing so, within <24 hours of new version release, you are eliminating >1/2+ of the potential guard nodes in the network.  It is not a "polite nudge", but something that potentially disrupts the network.

I'm too lazy to trace the Tor source code (I have a moral obligation not to try to read too much ugly C that wants to be C++ and has >2500 GOTO statements), but I use my relay as a pinned guard for a test-server (with an override so it accepts just a single guard for a hidden service).


When the node gets the "Not recommended" flag, it is no longer considered usable as a guard and I get a continuous stream of:


Nov 14 17:44:21.000 [notice] Failed to find node for hop #1 of our path. Discarding this circuit.


errors in the log.

There probably needs to be a stated policy on "Absent a security vulnerability of severity X, older server versions are not deprecated for Y days" to prevent this from potentially disrupting the network.

