[tor-bugs] #2156 [Tor Client]: Time to abandon Tor 0.1.2.x?
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Tue Dec 7 05:34:50 UTC 2010
#2156: Time to abandon Tor 0.1.2.x?
------------------------+---------------------------------------------------
Reporter: Sebastian | Owner:
Type: task | Status: new
Priority: normal | Milestone: Tor: 0.2.3.x-final
Component: Tor Client | Version:
Keywords: | Parent:
------------------------+---------------------------------------------------
Comment(by arma):
Given the experience we just gained in #2081, I think we should avoid
locking out versions of Tor which still mostly work. The main reason to
lock out Tor 0.1.2.x as relay is that it caches the wrong directory stuff.
So let's identify the first 0.2.0.x version that caches the right
directory stuff, and go with that.
0.2.0.26-rc is where we did
{{{
- Use new V3 directory authority keys on the tor26, gabelmoo, and
moria1 V3 directory authorities. The old keys were generated with
a vulnerable version of Debian's OpenSSL package, and must be
considered compromised. Other authorities' keys were not generated
with an affected version of OpenSSL.
}}}
So "lock out anything older than 0.2.0.26-rc" would be my choice.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2156#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list