[tor-relays] Operator straw poll: Reasons why you use Tor LTS versions?

[teor]

Hi all,

> On 6 Sep 2019, at 12:20, Mike Perry <mikeperry at torproject.org> wrote:
> 
> Roman Mamedov:
>> 
>> On Thu, 05 Sep 2019 02:11:00 +0000
>> Mike Perry <mikeperry at torproject.org> wrote:
>> 
>>> 1. "I didn't know that Debian's backports repo has latest-stable Tor!"
>> 
>> I only looked to backports when I get a warning on the metrics website that my
>> versions are not recommended. Aside from that, I thought that running LTS on
>> relays is actually beneficial, to prevent any newly introduced bugs in the
>> current latest versions from having an impact on the network infrastructure.
> 
> We are moving towards relying on CI for finding functional bugs, and
> code review and static analysis for security issues.
> 
> I don't believe that current LTS periods of time will necessarily
> provide better results for either of these classes of risk than
> investing in better CI and in other forms of diversity than just release
> version.
> 
> However, I could see a middle ground where we shorten LTS timescales for
> the relay side, but don't eliminate them, as we work towards where we
> want to be with CI and security issue risk reduction (or other forms of
> diversity).

We also have long-term support so that popular software distributions can
have a supported version of Tor. (Debian, Ubuntu, and ideally some non-Linux
distributions, if they become popular in future.)

So it's not just risk that determines our current LTS timeframes.

T

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20190906/38494cc3/attachment-0001.sig>