[Bug 328442] Re: Tor 0.1.2.x abandoned by upstream, update to 0.2.0.34
Roger Dingledine
arma at mit.edu
Thu Apr 16 18:21:25 UTC 2009
Ok. So the current status as I understand it is that Ubuntu would rather
ship known-vulnerable (and in the Intrepid case, known-remote-root-vulnerable!)
versions of Tor rather than use the Ubuntu debs that we provide.
Sounds like the correct solution is to a) take it out of Jaunty (as Martin said
he would do, above, but I think it hasn't been done yet?), and b) use the
Hardy and Intrepid debs that we provide in the noreply.org repository.
I understand that you want testers, but apparently nobody reads this bug
report except people who don't have time to test. I say that the noreply debs --
even if not "officially" tested, whatever that means -- are a huge improvement
over the known-remote-vulnerable versions you ship in Hardy and Intrepid.
--
Tor 0.1.2.x abandoned by upstream, update to 0.2.0.34
https://bugs.launchpad.net/bugs/328442
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
More information about the universe-bugs
mailing list