Next Tor release timeframes?

1) Do we have any requirements to release an 0.2.4.1-alpha at any particular date? I haven't been following e.g. the latest SponsorG timelines. 2) Nick was enthusiastic about an 0.2.2.38 with the latest fix. Nick, do you still think that's important? My sense is that it's a totally esoteric theoretical attack where there's no rush to release. 3) For the next 0.2.3 rc, we might want to merge at least: https://trac.torproject.org/projects/tor/ticket/6252 https://trac.torproject.org/projects/tor/ticket/6404 --Roger

On Wed, Aug 8, 2012 at 5:04 AM, Roger Dingledine <arma@mit.edu> wrote:
1) Do we have any requirements to release an 0.2.4.1-alpha at any particular date? I haven't been following e.g. the latest SponsorG timelines.
2) Nick was enthusiastic about an 0.2.2.38 with the latest fix. Nick, do you still think that's important? My sense is that it's a totally esoteric theoretical attack where there's no rush to release.
Bug 6530 is the one to worry about. It's a remotely triggerable DoS vulnerability where you can crash anybody who tries to download a networkstatus consensus from you. That's not "esoteric" or "theoretical."
3) For the next 0.2.3 rc, we might want to merge at least: https://trac.torproject.org/projects/tor/ticket/6252
ok. Will merge, with bikeshed options not followed.
Agreed, but it needs review! -- Nick

On 8/8/12 8:38 PM, Nick Mathewson wrote:
On Wed, Aug 8, 2012 at 5:04 AM, Roger Dingledine <arma@mit.edu> wrote:
1) Do we have any requirements to release an 0.2.4.1-alpha at any particular date? I haven't been following e.g. the latest SponsorG timelines.
Yes, we should have "tested packages" by September 14: https://trac.torproject.org/projects/tor/ticket/6374 https://trac.torproject.org/projects/tor/ticket/6375 Best, Karsten
2) Nick was enthusiastic about an 0.2.2.38 with the latest fix. Nick, do you still think that's important? My sense is that it's a totally esoteric theoretical attack where there's no rush to release.
Bug 6530 is the one to worry about. It's a remotely triggerable DoS vulnerability where you can crash anybody who tries to download a networkstatus consensus from you. That's not "esoteric" or "theoretical."
3) For the next 0.2.3 rc, we might want to merge at least: https://trac.torproject.org/projects/tor/ticket/6252
ok. Will merge, with bikeshed options not followed.
Agreed, but it needs review!
participants (3)
-
Karsten Loesing
-
Nick Mathewson
-
Roger Dingledine