Comment 4 for bug 1710753

David Goulet (dgoulet) wrote :

Greetings!

(Tor developer here)

As stated above, the 0.2.7.x series is now EOL since August 1st, 2017, meaning that we will NOT fix any bugs nor do any new releases even in the event of a catastrophic security issue.

Unfortunately, Tor does see security issues from time to time and the rate could increase now that our Bug Bounty program has gone public[1]. We've started to document each of them thoroughly on our wiki[2], so keeping anything EOL in Ubuntu for something as sensitive as Tor is really not ideal and potentially puts our users and network at risk.

So we (Tor upstream) strongly recommend that any unmaintained version should be dropped from Ubuntu, at the very least for security purposes, and the Tor LTS[3] series should be used for Ubuntu's LTS. The 0.2.9.x series is the latest LTS, which is also the one in Debian Stretch, which we'll be supporting until Jan 1st, 2020.

I believe sdeziel also has volunteered to properly maintain the health of the "tor" package in Ubuntu and our Debian packager (weasel) has been doing a fantastic job at keeping tor packages stable, up to date and released in time for any security issues we've had.

Please, feel free to reach out if you have any questions or concerns.
Thanks!

[1] https://hackerone.com/torproject
[2] https://trac.torproject.org/projects/tor/wiki/TROVE
[3] https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/CoreTorReleases