
On Wed, Aug 8, 2012 at 5:04 AM, Roger Dingledine <arma@mit.edu> wrote:
1) Do we have any requirements to release an 0.2.4.1-alpha at any particular date? I haven't been following e.g. the latest SponsorG timelines.
2) Nick was enthusiastic about an 0.2.2.38 with the latest fix. Nick, do you still think that's important? My sense is that it's a totally esoteric theoretical attack where there's no rush to release.
Bug 6530 is the one to worry about. It's a remotely triggerable DoS vulnerability where you can crash anybody who tries to download a networkstatus consensus from you. That's not "esoteric" or "theoretical."
3) For the next 0.2.3 rc, we might want to merge at least: https://trac.torproject.org/projects/tor/ticket/6252
ok. Will merge, with bikeshed options not followed.
Agreed, but it needs review! -- Nick