[tor-bugs] #27769 [Applications/Tor Browser]: How to update Tor core only on TBB 7.5.6?

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Sep 23 14:24:20 UTC 2018 

#27769: How to update Tor core only on TBB 7.5.6?
--------------------------------------+----------------------------------
 Reporter:  Luddite                   |          Owner:  tbb-team
     Type:  task                      |         Status:  closed
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:  Tor: unspecified
 Severity:  Normal                    |     Resolution:  wontfix
 Keywords:  XP, compatability         |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+----------------------------------
Changes (by boklm):

 * status:  reopened => closed
 * resolution:   => wontfix


Comment:

 Replying to [comment:2 Luddite]:
 > Unfortunately as an amnesic OS Tails is not practical when the user
 needs to continuously save and edit files. Also many useful Windows
 applications still do not run properly under WINE.
 >
 > The most serious vulnerability was not in Firefox ESR 52.9 but rather in
 Noscript and has already been fixed in the new version 5.1.8.7. Also
 please consider that Linux users comprise only 2% of active OSs yet they
 get their own version.

 Noscript is not the most serious vulnerability. Each new firefox update is
 fixing several vulnerabilities. We don't have resources to maintain
 ourselves an entire browser codebase, most of this work is done by
 Mozilla, and they decided to stop support for esr52 and move to esr60 so
 we have to do the same.

 >
 > If the support criteria is helping as many people as possible then XP
 should receive at least as much attention as Linux, and if the criteria is
 only supporting secure operating systems then once we factor in Microsoft
 and its government partners spying, we'll find that under some threat
 models legacy operating systems remain more secure despite their
 vulnerabilities.
 >
 > I'm already considering running the core with a custom ports 7.5.6 but
 I'm likely to break something. And because tenth of Tor users, an
 estimated 200000 people are in the same situation, I would go as far as
 suggesting that maintaining 7.5.6 with an updated core is a reasonable
 request, and yet I'm only asking for manual instructions.

 Spending time to maintain 7.5.6 with an updated tor does not make much
 sense to me as the most critical issues are in the browser.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27769#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list