[tor-dev] [tor-talk] heartbleed: ETA for tor release(s) that blacklist affected directory authority keys? (#11464)
anonym at riseup.net
Wed Apr 23 16:46:52 UTC 2014
23/04/14 16:51, Nick Mathewson wrote:
> On Wed, Apr 23, 2014 at 10:28 AM, anonym <anonym at riseup.net> wrote:
>> 21/04/14 12:27, Nusenu wrote:
>>> the code to blacklist heartbleed affected tor directory authority keys
>>> was merged about a week ago.
>>> Do you have an ETA on when you are going to release it (tor and TBB
>> As the release manager for the Tails 1.0 release I'm also interested in
>> an ETA for this. Ideally the Tails image intended for the 1.0 release
>> will be built on 2014-04-27 (so this is when we'll truly freeze the
>> version of Tor), and released two days later. We Tails developers would
>> find it sad if its core piece of software becomes out-dated immediately
>> or even just shortly after that.
>> Nick (or anyone else in the loop), do you have any idea of timings for
>> the next stable Tor release?
> My goal is to get out a new alpha with the blacklist this week, and an
> 0.2.4 release by the end of the month.
> This is a goal; I don't know if I'm going to be able to make it, and I
> can't make promises there.
Thanks for letting us know!
> If you like, it could be entirely reasonable to backport the code in
> question; the relevant commits are:
Given the planned release date for Tails 1.0, this actually doesn't look
too bad a compromise. I had a quick look at the other tickets tagged
`024-backport` and nothing seemed very important. However, before
deciding on this, I'd really appreciate a confirmation from any of you
Tor devs that, as it looks now, the next 0.2.4 release will have no
other important security fixes affecting *Linux* *clients*. So, will it?