[tor-relays] Operator straw poll: Reasons why you use Tor LTS versions?

Conrad Rockenhaus conrad at rockenhaus.com
Fri Sep 6 07:17:13 UTC 2019



> On Sep 5, 2019, at 10:21 PM, grarpamp <grarpamp at gmail.com> wrote:
> 
>> never relied on the OS Package of Tor, mainly because OS’s OpenSSL versions
>> are behind the current version of OpenSSL, so I normally compile Tor against
>> the latest OpenSSL. Example, FreeBSD 12.0-RELEASE has OpenSSL
>> 1.1.1a-freebsd, which generates a slight crypto error during the startup of
>> Tor. If you download OpenSSL 1.1.1c and just compile against it, eh, problem
>> fixed.
> 
> As to realtime, hardly any behind...
> ver      openssl    12-stable  ports-head
> 1.1.1c   20190528   20190528   20190528
> 1.1.1b   20190226   20190226   20180227
> 1.1.1a   20181120   20181120   20181120
> ... not including any 'responsible disclosure' bs
> around any HW / SW that users may or may not
> be affected by.
> 
> As to release mechanics...
> 12.0-release base had latest 1.1.1a at release,
> release ports tags were one letter rev behind
> at 1.0.2p and 1.1.0i, release ports head was
> latest at 1.0.2q and 1.1.1a, quarterly was similar.
> 
> tor follows same pattern, people can research
> and post those datas if they want.
> 
> Of course people's boxes will be behind if they never
> update them beyond release, that's not fault of any OS.
> 
> https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/updating-upgrading.html
> https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ports.html
> https://download.freebsd.org/ftp/snapshots/
> 
> Either update base per binary, snapshot, releng, or stable...
> or track and install ports (packages) quarterly, latest / head...
> and compile against that as needed.
> 
> Or get the upstream sources and do by hand.
> 
> If people aren't on FreeBSD or a well supported
> Linux distro they should expect their OS to be
> laggy in areas.
> 
> Many FreeBSD tor users would be fine tracking
> base stable and packages latest (ports head).
> pkg.conf:  url: "pkg+https://pkg.FreeBSD.org/${ABI}/latest",
> 
> If their OS of choice is still a bit laggy for them, they
> can join their OS community and start generating
> update commits... :)
> 
> https://freebsd.org/
> https://openbsd.org/
> etc
> or whatever pump and dump linux distro is hot this year.

Grarpamp,

You know I love you tons - but the problem with the FreeBSD release of Tor isn’t fixed by switching to “latest”, you’ll still get the error upon startup. It’s compiled against an older version of OpenSSL. Since it already has an active maintainer I can’t just go in and take it over. That would be rude.

Yes, OpenSSL on mainline 12.0-RELEASE is fixed, but what they compiled the package against isn’t, so it’s either compile the port or don’t use pkgs. I for one believe in the philosophy of not mixing pkgs and ports so…. Ports it is.

Thanks,

Conrad




