Hello! Nick Weaver via tor-relays:
Was there an explicit decision made or an announcement about more rapid deprecating older server versions with the "Not recommended" flag?
There is no more rapidly deprecating older server versions per se, no. The issues fixed in both 0.4.8.20 and 0.4.8.21 were deemed serious enough to un-recommend previous Tor versions (as far as running them on relays is the concern).
My test relay (tor.icsi-berkeley.org <http://tor.icsi-berkeley.org/>, I use it as my own guard on some tests) was running 0.4.8.18, and I noticed today that it had gained the "Not Recommended" flag which meant my client(s) would not connect to it as the choice of guard.
FWIW that's not really a flag Tor is dealing with. It's just something that is generated by relay-search to give additional information to relay operators. I don't think your client(s) take that "flag" into account when picking Guards.
I updated to 0.4.8.20 (as 0.4.8.21, although technically available, wasn't announced or linked to at the time on the Tor website). It lost the "not recommended" flag but regained it again as the current consensus now only has 0.4.8.21 and 0.4.9.3-alpha as acceptable versions.
(so, well, update again)?
Yes, please.
Was this a deliberate decision or in response to a problem patched in 0.4.8.21 (and not announced as high enough severity to require immediate updating?) Is this going to be a policy going forward that relays should be updated within <12 hours of patch announcement?
It depends on the severity of the bugs which get fixed in releases. Generally speaking, I'd see the 0.4.8.20 and 0.4.8.21 releases more as an exception than the new norm. There are no plans of speeding up the deprecation of older Tor versions.
(also, tor26 basically likes everything BUT 0.4.8.21 because that hasn't gotten added to it, I think the Tor network might be disrupted if there is no agreement at all between the 3 authorities selecting recommended version, I think there could be a situation where there is no consensus on "recommended versions" if this isn't fixed)
I don't think this is as severe as you might imagine. As the spec says `server-versions` contains "Recommended Tor server software". It's not a MUST as you can see consensuses are still built and including a load of relays not having upgraded yet.
As of time of writing, from https://consensus-health.torproject.org/
moria1 client-versions 0.4.8.19, 0.4.8.20, 0.4.8.21, 0.4.9.3-alpha moria1 server-versions 0.4.8.20, 0.4.8.21, 0.4.9.3-alpha
tor26 client-versions 0.4.8.4, 0.4.8.5, 0.4.8.6, 0.4.8.7, 0.4.8.8, 0.4.8.9, 0.4.8.10, 0.4.8.11, 0.4.8.12, 0.4.8.13, 0.4.8.14, 0.4.8.15, 0.4.8.16, 0.4.8.17, 0.4.8.18, 0.4.8.19, 0.4.9.1-alpha, 0.4.9.2-alpha, 0.4.9.3-alpha, (Strikethrough: 0.4.8.20, 0.4.8.21 )
tor26 server-versions 0.4.8.4, 0.4.8.5, 0.4.8.6, 0.4.8.7, 0.4.8.8, 0.4.8.9, 0.4.8.10, 0.4.8.11, 0.4.8.12, 0.4.8.13, 0.4.8.14, 0.4.8.15, 0.4.8.16, 0.4.8.17, 0.4.8.18, 0.4.8.19, 0.4.9.1-alpha, 0.4.9.2-alpha, 0.4.9.3-alpha, (Strikethrough: 0.4.8.21 )
gabelmoo client-versions 0.4.8.19, 0.4.8.20, 0.4.8.21, 0.4.9.3-alpha
gabelmoo server-versions 0.4.8.21, 0.4.9.3-alpha
consensus client-versions 0.4.8.19, 0.4.8.20, 0.4.8.21, 0.4.9.3-alpha server-versions 0.4.8.21, 0.4.9.3-alpha
Georg