Ok. So the current status as I understand it is that Ubuntu would rather ship known-vulnerable (and in the Intrepid case, known-remote-root-vulnerable!) versions of Tor rather than use the Ubuntu debs that we provide.
Sounds like the correct solution is to a) take it out of Jaunty (as Martin said he would do, above, but I think it hasn't been done yet?), and b) use the Hardy and Intrepid debs that we provide in the noreply.org repository. I understand that you want testers, but apparently nobody reads this bug report except people who don't have time to test. I say that the noreply debs -- even if not "officially" tested, whatever that means -- are a huge improvement over the known-remote-vulnerable versions you ship in Hardy and Intrepid. -- Tor 0.1.2.x abandoned by upstream, update to 0.2.0.34 https://bugs.launchpad.net/bugs/328442 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
