© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
Hi,
I agree that even though "tor" is in universe, it's very important for its users that it is functional and safe. I had a chat with Tor upstream about this and the recommendation was effectively to either use their LTS releases and keep up with their security updates, which Simon kindly offered to do for us, or remove the package from the archive entirely, forcing tor users to go and get it from upstream directly.
Since Simon volunteered to do the Ubuntu maintenance for Tor, I'm fine with both updating zesty to the latest bugfix release of that LTS series (and that would already fit the normal SRU process). But I'm also happy with bumping the tor release in xenial to be something which upstream offers LTS support on.
To minimize the risk of regressions, we'll do that in a few step:
1) I'm going to accept the zesty SRU into -proposed
2) We'll wait for it to be verified and released to -updates
3) We'll then let the xenial SRU into -proposed (effectively same content as the zesty one)
4) We'll wait for it to be verified and if no bug was filed against either the xenial or zesty SRU by that point, will release it too
This effectively doubles the testing time for the package, slowly exposing it to more and more users:
- First to zesty-proposed users
- Then to zesty-updates users too
- And then to those as well as xenial-proposed users
That will likely take us 2-3 weeks to get it all done at which point we'll have a supportable tor in both xenial and zesty.