Hello, thanks for the bug report. Note that we don't just upgrade packages in our distributions to newest versions as a matter of course, we only upgrade packages for specific bugs or vulnerabilities: https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions We do have some exceptions to these rules for a handful of packages, see https://wiki.ubuntu.com/StableReleaseUpdates/MicroReleaseExceptions for details. For the clear majority of packages we prefer to apply specific patches to address specific issues.
I do not think we will perform an update from 0.2.3 to 0.2.4 in our released distributions unless there are more compelling reasons than "we think the NSA can break this algorithm". For our development distribution, saucy, perhaps an upgrade would make sense. It is slightly complicated that 0.2.4 is not yet in Debian testing, only in Debian experimental: http://packages.debian.org/search?keywords=tor -- but it would not hurt to ask for a sync, it may yet happen. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1222662 Title: Upgrade 2.4 (as recommended by Tor dev) - due to DHE 1024 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tor/+bug/1222662/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
