[tor-relays] Ubuntu LTS about to ship with a soon-to-expire Tor version?

Valter Jansons valter.jansons at gmail.com
Fri Apr 6 19:46:20 UTC 2018


Hello SMichel,

Please do not top-post (leave what you are replying to below your new
message) in mailing lists.

> What will I have to do to downgrade to the old Tor-version 'cause I'm willing to do so.

I would suggest against downgrading unless there is really no better option.

If you want to do something, what you can do is add the
deb.torproject.org repository as a package source on your system.
There is manual work involved in getting packages built and added to
it due to it not being entirely handled by build bots, so delays may
exist for holidays and such, but generally speaking, you can expect
the latest stable release to be in there a few days after it has been
tagged. Note that the repository is signed with
A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 and a
deb.torproject.org-keyring package is provided for installing the
signing key so that rollout of a new key if/when it is required in the
future is easier.

For example, to get the latest stable Tor release installed on Ubuntu
Bionic Beaver (18.04 LTS) you could simply run:

cat << EOF > /etc/apt/sources.list.d/torproject.list
deb http://deb.torproject.org/torproject.org bionic main
deb-src http://deb.torproject.org/torproject.org bionic main
EOF

apt-key adv --keyserver keyserver.ubuntu.com --recv
A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89

apt-get update

apt-get install tor deb.torproject.org-keyring

Official documentation on all of this can be found at
https://www.torproject.org/docs/debian.html (along with an OS version
picker) in case you are concerned.

> And what's the problem with a version which is soon to expire if there (hopefully) be an update (in time).

If you are okay with running an LTS Tor version then there should
really be no problem since Simon Deziel, the Ubuntu packager, has
confirmed on Trac #25715 that Ubuntu Bionic (18.04 LTS) will ship with
Tor 3.2 until a new Tor LTS is released which is when they start
packaging that. (See:
https://trac.torproject.org/projects/tor/ticket/25715#comment:4)

You can then expect it to look like how it looks for Ubuntu Xenial
(16.04 LTS) now. You can imply Xenial shipped with Tor 2.7 until Tor
2.9 was released just by looking at the current state of the Ubuntu
repository. As of writing, Ubuntu has Tor 2.7.6 in the base xenial
distribution and Tor 2.9.14 in the xenial-updates and xenial-security
distributions. (See: https://packages.ubuntu.com/xenial/tor)

I do not think it comes as a surprise that an LTS distribution would
only have LTS versions, but still, it's worth keeping in mind then if
you want the latest stable Tor version instead of the LTS version on
Xenial right now you need to either build from source or use a
different (most likely, deb.torproject.org) repository. Expect the
same to apply on Bionic once the new Tor LTS is released and further
stable versions start coming out.

The original thread/ticket was more of a public 'better safe than
sorry' kind of concern situation about what the Ubuntu maintainers'
plans are more than anything.

-- 4096R/A83CE748 Valters Jansons


More information about the tor-relays mailing list