Ok. So the current status as I understand it is that Ubuntu would rather
ship known-vulnerable (and in the Intrepid case, known-remote-root-vulnerable!)
versions of Tor rather than use the Ubuntu debs that we provide.
Sounds like the correct solution is to a) take it out of Jaunty (as Martin said
he would do, above, but I think it hasn't been done yet?), and b) use the
Hardy and Intrepid debs that we provide in the noreply.org repository.
I understand that you want testers, but apparently nobody reads this bug
report except people who don't have time to test. I say that the noreply debs --
even if not "officially" tested, whatever that means -- are a huge improvement
over the known-remote-vulnerable versions you ship in Hardy and Intrepid.
Ok. So the current status as I understand it is that Ubuntu would rather root-vulnerable !)
ship known-vulnerable (and in the Intrepid case, known-remote-
versions of Tor rather than use the Ubuntu debs that we provide.
Sounds like the correct solution is to a) take it out of Jaunty (as Martin said
he would do, above, but I think it hasn't been done yet?), and b) use the
Hardy and Intrepid debs that we provide in the noreply.org repository.
I understand that you want testers, but apparently nobody reads this bug vulnerable versions you ship in Hardy and Intrepid.
report except people who don't have time to test. I say that the noreply debs --
even if not "officially" tested, whatever that means -- are a huge improvement
over the known-remote-