End of Life for Tor 0.2.0.x branch
We have declared end-of-life for Tor 0.2.0.x. Those Tor versions have
several known flaws, and nobody should be using them. You should upgrade.
Specifically, the big flaw in Tor <= 0.2.0.35 is that its list of
directory authorities is out of date, so you'll find it hard to learn
about the network. We're signing the network status consensus with the
old signatures for now, but we're going to stop doing that in a few weeks,
which means your Tor 0.2.0.x will fail to find the current network.
The only exception is people using Debian Lenny -- our nice Debian
packager is trying to keep that package maintained for you.
As a bonus, if you move to a newer Tor you'll get significant performance
boosts as a client, and you'll improve the performance for others as
The original message is archived at http://archives.seul.org/or/announce/Mar-2010/msg00001.html
Where can we get more info on the progress of packaging the new version on Debian? I look at the PTS but all I see is new packages coming in experimental and unstable all the time. What needs to be done for them to pass into stable?
debian stable ships with 0.2.0.x tor, which hit end of life a while ago. Erinn could answer this better, but I don't believe debian stable will contain 0.2.1 or 0.2.2 until squeeze is released as stable.
Better to use our repositories for current versions of tor for Debian.
Actually, the Lenny deb is the one exception to "end of life for 0.2.0.x". The Debian packager for Tor is also a Tor developer, and he's been working hard to keep Tor 0.2.0.x just barely still alive in Lenny.
So while it won't get you the best performance, it should still be safe to use.
If you're running Tor as a relay though, we'd prefer that you use the 0.2.1.x or 0.2.2.x Tor debs. That's because they provide big performance improvements for *other* people on the network.