[tor-relays] obfs4proxy installation from deb.torproject.org says Release file expired

Iain Learmonth irl at torproject.org
Tue Jun 25 10:51:25 UTC 2019


On 22/06/2019 00:20, s7r wrote:
> Trying to spin some new obfs4bridges. I am using:
> deb.torproject.org/torproject.org obfs4proxy main
> in /etc/apt/sources.list  -- I hope this is correct.
> I get this:
> E: Release file for
> https://deb.torproject.org/torproject.org/dists/obfs4proxy/InRelease is
> expired (invalid since 1d 15h 7min 11s). Updates for this repository
> will not be applied.
> Just recently saw Yawning's release notification, is it somehow related?

We no longer maintain deb packages on deb.torproject.org for obfs4proxy.
The packages that were there were built using an old version of Go that
had known security issues, and then statically linked in libraries that
also will have had unfixed security issues. The packages in Debian are
rebuilt when new Go versions or libraries are available so are not
affected by this issue.

For installation instructions:



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20190625/ac5b8313/attachment-0001.sig>

More information about the tor-relays mailing list