[tor-bugs] #6949 [Tor Directory Authority]: remove vulnerable tor versions from 'recommended versions'
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Sun Sep 23 10:33:56 UTC 2012
#6949: remove vulnerable tor versions from 'recommended versions'
-------------------------------------+--------------------------------------
Reporter: cypherpunkx | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor Directory Authority | Version:
Keywords: | Parent:
Points: | Actualpoints:
-------------------------------------+--------------------------------------
Changes (by arma):
* cc: sebastian, weasel (added)
Comment:
See doc/contrib/authority-policy.txt for what I wrote a while ago about
our habits for which version to recommend.
I think the tradeoff here is between crying wolf often enough that they
stop listening, and removing a not-yet-exploited remote assert bug.
I could go either way here. We've already announced it, so those people
who use Tor packages have already upgraded (or will when their packages
are ready). So we're left only with the people who don't follow some auto-
update mechanism. That makes me lean towards 'unrecommend them'.
Sebastian, weasel, what say you?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6949#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list