On Wed, Aug 08, 2007 at 11:47:56AM -0400, Peter Thoenen wrote: > I hate to call Rui out in public but he is the maintainer here and very > non responsive to private emails about this.
you are kidding, right? I answered to your first email and told you how OpenBSD works. As nikolay@ said "Tor 1.2 only came out around the release of 4.1 and no update was marked a security update, so there was no reason to update the -stable ports." I didn't answer to your second non-sense email, that's true. Why? because you don't what you are talking about! Cheers, rui > Tor 1.1.x has BEEN DEPRECIATED from before the time 4.1 STABLE was > released (you were notified of this also Rui) and all version earlier > than 1.2.15 suffer a remote code exploitation which has been proven in > the wild already with technical details to be released to the public in > two week per the developers. The developers announced all users should > update immediately yet still not seeing this port updated in stable when > I csup. Can you (Rui) update this port finally as it would count as a > security update or you just going to hang out and continue to be a > subpar maintainer. If you don't want to maintain your own port then let > me know and I or somebody else can do it but this is ridiculous. You > missed the last couple stable releases and when informed of it you were > like "what the f*ck do I care ... OBSD isn't about the latest and > greatest. Compile it yourself". Well now we have a serious remote code > issue and a depreciated non-supported (in the current tor directory > services) package in OBSD ... is this a big enough issue to get you to care? > > NOTE: I am pretty indifferent if it is fixed in CURRENT. This is a > remote code exploit and I am pretty sure security patches are merged > into stable's port tree considering I see updates to it at least weekly. > > Sorry to be an ass Rui but with maintenance comes responsibility. > > -Peter
