[tor-relays] Operator straw poll: Reasons why you use Tor LTS versions?

George george at queair.net
Mon Oct 21 20:29:52 UTC 2019



Conrad Rockenhaus:
> 
> 
>> On Sep 5, 2019, at 10:21 PM, grarpamp <grarpamp at gmail.com> wrote:
>>
>>> never relied on the OS Package of Tor, mainly because OS’s OpenSSL versions
>>> are behind the current version of OpenSSL, so I normally compile Tor against
>>> the latest OpenSSL. Example, FreeBSD 12.0-RELEASE has OpenSSL
>>> 1.1.1a-freebsd, which generates a slight crypto error during the startup of
>>> Tor. If you download OpenSSL 1.1.1c and just compile against it, eh, problem
>>> fixed.
>>
>> As to realtime, hardly any behind...
>> ver      openssl   12-stable  ports-head
>> 1.1.1c   20190528  20190528   20190528
>> 1.1.1b   20190226  20190226   20180227
>> 1.1.1a   20181120  20181120   20181120
>> ... not including any 'responsible disclosure' bs
>> around any HW / SW that users may or may not
>> be affected by.
>>
>> As to release mechanics...
>> 12.0-release base had latest 1.1.1a at release,
>> release ports tags were one letter rev behind
>> at 1.0.2p and 1.1.0i, release ports head was
>> latest at 1.0.2q and 1.1.1a, quarterly was similar.
>>
>> tor follows same pattern, people can research
>> and post that data if they want.
>>
>> Of course people's boxes will be behind if they never
>> update them beyond release, that's not fault of any OS.
>>
>> https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/updating-upgrading.html
>> https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ports.html
>> https://download.freebsd.org/ftp/snapshots/
>>
>> Either update base per binary, snapshot, releng, or stable...
>> or track and install ports (packages) quarterly, latest / head...
>> and compile against that as needed.
>>
>> Or get the upstream sources and do by hand.
>>
>> If people aren't on FreeBSD or a well supported
>> Linux distro they should expect their OS to be
>> laggy in areas.
>>
>> Many FreeBSD tor users would be fine tracking
>> base stable and packages latest (ports head).
>> pkg.conf:  url: "pkg+https://pkg.FreeBSD.org/${ABI}/latest",
>>
>> If their OS of choice is still a bit laggy for them, they
>> can join their OS community and start generating
>> update commits... :)
>>
>> https://freebsd.org/
>> https://openbsd.org/
>> etc
>> or whatever pump and dump linux distro is hot this year.
> 
> Grampamp,
> 
> You know I love you tons - but the problem with the FreeBSD release of Tor isn’t fixed by switching to “latest”, you’ll still get the error upon startup. It’s compiled against an older version of OpenSSL. Since it already has an active maintainer I can’t just go in and take it over. That would be rude.
> 
> Yes, OpenSSL on mainline 12.0-RELEASE is fixed, but what they compiled the package against isn’t, so it’s either compile the port or don’t use pkgs. I for one believe in the philosophy of not mixing pkgs and ports so…. Ports it is.

Way late to the party on this, and I don't know if it's resolved on the
FreeBSD side yet, but you need to try https://bugs.freebsd.org/bugzilla/
for issues like this, especially if it's a sync issue between base and
the package.

I did not have any issues with FreeBSD 12-RELEASE with pkgs set to
"latest" with net/tor.

IMHO, issues like this are inevitable when you have THREE supported
"production" releases...

Oh, how I miss the FreeBSD 4.x era.

g

