Hi all,
On 6 Sep 2019, at 12:20, Mike Perry mikeperry@torproject.org wrote:
Roman Mamedov:
On Thu, 05 Sep 2019 02:11:00 +0000 Mike Perry mikeperry@torproject.org wrote:
- "I didn't know that Debian's backports repo has latest-stable Tor!"
I only looked to backports when I get a warning on the metrics website that my versions are not recommended. Aside from that, I thought that running LTS on relays is actually beneficial, to prevent any newly introduced bugs in the current latest versions from having an impact on the network infrastructure.
We are moving towards relying on CI for finding functional bugs, and code review and static analysis for security issues.
I don't believe that current LTS periods of time will necessarily provide better results for either of these classes of risk than investing in better CI and in other forms of diversity than just release version.
However, I could see a middle ground where we shorten LTS timescales for the relay side, but don't eliminate them, as we work towards where we want to be with CI and security issue risk reduction (or other forms of diversity).
We also have long-term support so that popular software distributions can have a supported version of Tor. (Debian, Ubuntu, and ideally some non-Linux distributions, if they become popular in future.)
So it's not just risk that determines our current LTS timeframes.
T