-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
On 08/17/2014 01:08 AM, Nusenu wrote:
since you haven't updated most of your relays to address [1] released on 2014-07-28 yet, I was wondering if everything is ok? collective vacation?
Indeed. This is terrible and we will add some more trusted people's ssh keys to the relays, but then again we really want to limit the number of keys that can access our relays for security reasons...
Please consider unattended automated updates. Maybe start with a few relays first.
Even in your environment (I guess you do custom builds) I consider this to be the option that results in the fasted response times and safest network.
Worst case would be that the upgrade fails and all your relays go down. Depending on the actual vulnerability that is being fixed, an offline relay can be preferred over a vulnerable relay.
Most of the time it will probably work just fine and safe you some time doing boring updates.
I am returning from vacation tomorrow and will update all relays. Sorry for the delay.
Thanks.