[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #20431 [Core Tor/DirAuth]: do not recommend vulnerable tor versions - update "recommended versions"
#20431: do not recommend vulnerable tor versions - update "recommended versions"
------------------------------+---------------------
Reporter: cypherpunks | Owner:
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Core Tor/DirAuth | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
------------------------------+---------------------
Comment (by teor):
Let's take a step back here:
The last time we removed recommended versions, it was because they simply
would not work: they did not believe enough current directory authorities.
This seems to me to be a sensible criterion: "will it function?"
What are our general guidelines for setting recommended versions?
I suggest that "is it a severe enough bug?" could be another.
Does #20384 rise to the level that we should stop recommending every
version that doesn't have it? It could be, because it affects many clients
in some way. But have we done this in the past for bugs of similar
severity? I'm not sure.
And, finally, if we do decide we want to eliminate all non-patched
versions, should we then increment the minor release version, so we can
recommend versions that definitely have this fix? (It may be too late to
do this now.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20431#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs