Updates for old Tor stable release series: 0.2.4.28, 0.2.5.13, 0.2.6.11, 0.2.7.7, 0.2.8.13

Hi! We've just tagged and uploaded new versions for the older 0.2.4 through 0.2.8 release series, to backport important patches and extend the useful life of these versions.

If you have the option, we'd recommend that you run the latest stable release instead of these. They are mainly of interest to distribution maintainers who for whatever reason want to track older release series of Tor.

You can, as usual, find the source at https://dist.torproject.org/. For a list of the backported changes in each release, see one of the nice handcrafted links below:

Please note that these releases are larger than we expect most future old-stable releases to be, because until recently we didn't have an actual policy of which releases should receive backports and support. You can learn more about our plans for "regular" and "long-term support" releases of Tor on the wiki.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Thanks Nick!

For people reading this post: we did the work of putting out oldstable releases, but we have not yet done the work of getting any of these releases into stable distros -- Debian, Ubuntu, Gentoo, Arch, Fedora, etc.

So if you run one of those distros, and it's shipping something earlier than Tor 0.2.9.x, please consider launching whatever the process is for getting them to update.

For context, I found this site potentially interesting:
https://repology.org/metapackage/tor/versions

Thanks!

TorProject.org only gets a C rating in the SecurityHeaders test,

https://securityheaders.io/?q=torproject.org&followRedirects=on

It needs Content-Security-Policy, Public-Key-Pins and Referrer-Policy.

> for whatever reason want to track older release series of Tor.
This is not acceptable. What concrete reasons do they have to reduce privacy/anonymity of the Tor network?

Tor is not an usual program, it is a client/peer for Tor network. So when NG onion services will become available, all Tor software must support them.

More on that here:

https://lists.torproject.org/pipermail/tor-talk/2017-February/042929.html

https://lists.torproject.org/pipermail/tor-dev/2016-December/011725.html

JFYI, I've split tor package on repology into

https://repology.org/metapackage/tor/versions
https://repology.org/metapackage/tor-unstable/versions

Should Tor the daemon be compiled with Selfrando by default?

We have a ticket for that to get it going https://trac.torproject.org/projects/tor/ticket/19722. One major show stopper currently is licensing incompatibilities: tor uses a BSD license while selfrando is available under AGPL.

Post new comment

  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <em> <strong> <cite> <code> <ul> <ol> <li> <b> <i> <strike> <p> <br>

More information about formatting options

Syndicate content Syndicate content