On 19 Jul 2018, at 06:40, nusenu nusenu-lists@riseup.net wrote:
Signed PGP part you probably want to reach out to package maintainer that didn't update yet (like the ubuntu snap) - if you didn't do so yet
Emailing package maintainers is part of our existing process: https://gitweb.torproject.org/tor.git/tree/doc/HACKING/ReleasingTor.md#n171
If the maintainer is not on the list, please submit a patch to ReleasingTor.md, or ask them to join tor-packagers@lists.torproject.org.
Roger Dingledine:
If you run a bridge relay, please upgrade -- so your bridge address can resume being given out to censored users, and so your stats can resume being included in the metrics pages.
We just put out new releases (0.2.9.16, 0.3.2.11, 0.3.3.9, 0.3.4.5-rc) that retire the old bridge authority and start using a new one. The new bridge authority is "Serge", and it is operated by George from the Tor BSD Diversity project: https://lists.torproject.org/pipermail/tor-announce/2018-July/000162.html
If for whatever reason you can't upgrade yet, you can also manually switch to advertising your bridge descriptor to the new bridge authority by using this torrc line:
AlternateBridgeAuthority Serge orport=9001 bridge 66.111.2.131:9030 BA44 A889 E64B 93FA A2B1 14E0 2C2A 279A 8555 C533
I'd expect such email to be signed - yes, even if people can fetch that data from a signed release.
Please submit a patch to ReleasingTor.md.
T