[tor-bugs] #20431 [Core Tor/DirAuth]: do not recommend vulnerable tor versions - update "recommended versions"
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Oct 24 03:30:51 UTC 2016
#20431: do not recommend vulnerable tor versions - update "recommended versions"
------------------------------+---------------------
Reporter: cypherpunks | Owner:
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Core Tor/DirAuth | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
------------------------------+---------------------
Comment (by teor):
Let's take a step back here:
The last time we removed recommended versions, it was because they simply
would not work: they did not believe enough current directory authorities.
This seems to me to be a sensible criterion: "will it function?"
What are our general guidelines for setting recommended versions?
I suggest that "is it a severe enough bug?" could be another.
Does #20384 rise to the level that we should stop recommending every
version that doesn't have it? It could be, because it affects many clients
in some way. But have we done this in the past for bugs of similar
severity? I'm not sure.
And, finally, if we do decide we want to eliminate all non-patched
versions, should we then increment the minor release version, so we can
recommend versions that definitely have this fix? (It may be too late to
do this now.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20431#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list