On Tue, Mar 24, 2020 at 03:23:26PM +0000, Peter Palfrader wrote:
> On Tue, 24 Mar 2020, Emilio Pozuelo Monfort wrote:
> > >> Upstream is no longer maintaining the 0.2.4.x tree. Maybe it's time to
> > >> terminate support for Tor in wheezy/oldoldstable?
> > > I think so. I have marked it as unsupported in debian-security-support.
> > There's a new tor CVE. However upstream no longer supports 0.2.x.y, so stretch
> > was EOL'ed. Given jessie has an even older version, I think we should follow suit.
> I concur.
thanks for confirming (and maintaining tor in the first place), Peter.
I had already done this change locally in src:debian-security-support here and
just did the git push for it. Next step should probably be to release a DLA to
communicate this more widely. (And then, closer to the next poin releases, updates
for d-s-s to buster, stretch and jessie.)
--
cheers,
Holger
-------------------------------------------------------------------------------
holger@(debian|reproducible-builds|layer-acht).org
PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
Attachment:
signature.asc
Description: PGP signature