On Sun, Apr 19, 2009 at 11:24:01AM -0500, Matt LaPlante wrote: > A heads-up for fellow Ubuntu users: The tor package has been removed > from Ubuntu Jaunty due to lack of maintainership. > > https://lists.ubuntu.com/archives/ubuntu-devel-discuss/2009-April/007866.html
Yep. You can read a lot more about it here: https://bugs.launchpad.net/ubuntu/+source/tor/+bug/328442 and back from 2007 here: http://www.mailinglistarchive.com/[email protected]/msg24404.html Ubuntu hardy and intrepid are still shipping known-remote-vulnerable versions of Tor. The version they have in Intrepid is even known-remote-root-vulnerable. And they still haven't gotten around to fixing it. If you're going to include Tor in your distribution, you really have to maintain it. Since Ubuntu doesn't maintain packages in its Universe, it seemed like the smartest move to make sure we don't keep having this problem with every new Ubuntu version. You can find well-maintained Ubuntu packages here: https://wiki.torproject.org/noreply/TheOnionRouter/TorOnDebian I presume we'll put up jaunty packages when jaunty goes stable. In the mean time, I hear the intrepid packages work fine on jaunty. (Let me know if that's wrong, and I'll ask Peter to consider setting up a jaunty build environment sooner.) Thanks, --Roger

