[tor-dev] RFC: Tor long-term support policy

teor teor2345 at gmail.com
Wed Jan 18 05:05:40 UTC 2017

> On 18 Jan 2017, at 09:22, nusenu <nusenu at openmailbox.org> wrote:
>> == Plan for current releases ==
>> 0.2.4.x, 0.2.6.x, and 0.2.7.x, will all receive at least one more
>>   stable release.  Support for them will end on 1 August 2017.
>> 0.2.8.x will be supported until 1 January 2018.
>> 0.2.5.x is retroactively declared an LTS release, and will be
>>   supported until 1 May 2018.
>> 0.2.9.x is an LTS release, and will be supported until at least
>>   1 January 2020.
> I'm glad to see such a policy.
> Maybe be more verbose on when tor dir auths plan to remove EOL tor
> relays from consensus?

If we do this, we should mention client versions as well.

Typically, this is a decision made by the directory authority operators
in consultation with the tor (network daemon) team.

Sometimes, as was the case with early point releases of 0.2.4 and 0.2.5,
we stop recommending tor versions because they no longer believe a
sufficient number of current directory authority keys.

At other times (as is the case with all but the most recent 0.2.4 to
0.2.9 releases), we stop recommending tor versions because they are not
secure - that is, there is a known high-severity issue in those
versions. (Or, perhaps, an important security improvement only
present in newer versions.)

If neither of these conditions applies, then we have to make a judgement
call on when relays or clients are "too old". In practice, we've just
tended to keep relays around until they fail one of the above checks.

I suggest that we stop recommending versions after we stop supporting
them. I'm not sure if we should delay this a few months after EOL.


Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
xmpp: teor at torproject dot org
