End of Life for Tor 0.2.0.x branch

by phobos | March 31, 2010

We have declared end-of-life for Tor 0.2.0.x. Those Tor versions have
several known flaws, and nobody should be using them. You should upgrade.

Specifically, the big flaw in Tor <= is that its list of
directory authorities is out of date, so you'll find it hard to learn
about the network. We're signing the network status consensus with the
old signatures for now, but we're going to stop doing that in a few weeks,
which means your Tor 0.2.0.x will fail to find the current network.

The only exception is people using Debian Lenny -- our nice Debian
packager is trying to keep that package maintained for you.

As a bonus, if you move to a newer Tor you'll get significant performance
boosts as a client, and you'll improve the performance for others as
a relay.

The original message is archived at http://archives.seul.org/or/announce/Mar-2010/msg00001.html


Please note that the comment area below has been archived.

April 15, 2010


Where can we get more info on the progress of packaging the new version on Debian? I look at the PTS but all I see is new packages coming in experimental and unstable all the time. What needs to be done for them to pass into stable?

Debian stable ships with 0.2.0.x Tor, which hit end of life a while ago. Erinn could answer this better, but I don't believe Debian stable will contain 0.2.1 or 0.2.2 until squeeze is released as stable.

Better to use our repositories for current versions of tor for Debian.


May 22, 2010

In reply to phobos


Actually, the Lenny deb is the one exception to "end of life for 0.2.0.x". The Debian packager for Tor is also a Tor developer, and he's been working hard to keep Tor 0.2.0.x just barely still alive in Lenny.

So while it won't get you the best performance, it should still be safe to use.

If you're running Tor as a relay though, we'd prefer that you use the 0.2.1.x or 0.2.2.x Tor debs. That's because they provide big performance improvements for *other* people on the network.

April 18, 2010


I use Debian Lenny. Since the big tor update at the time that the problem you mentioned was announced, I noticed that whenever I reboot (my tor client starts by default at boot time) tor seems to be trying to contact all the running Tor servers one by one. That's supposed to happen, right?

Every now and then I see that my connections while using tor (I have torbutton in Iceweasel) are exiting via an apparently unauthorized tor exit server (not known to sites which maintain a list of known tor exit servers). Should I be worried about that?

Many thanks for providing tor!

Yes, your Tor client will keep trying to connect to something until it can establish a connection. When your computer boots, the network isn't up yet, and your Tor client thinks either it's just been heavily firewalled, or a bunch of Tor relays are down, or some other catastrophe occurred. Once the network shows up, it should settle down.

As for "unauthorized" Tor exit servers, it's much more likely that the websites you use to give you the full list of Tor relays are actually just wrong or out of date.

May 25, 2010


Has the issue raised in Feb 2009 by a chinaman (I think he is a teacher/prof/educator) regarding the black box/hat effect in tor been solved?