Hi, I agree that even though "tor" is in universe, it's very important for its users that it is functional and safe. I had a chat with Tor upstream about this and the recommendation was effectively to either use their LTS releases and keep up with their security updates, which Simon kindly offered to do for us, or remove the package from the archive entirely, forcing tor users to go and get it from upstream directly.
Since Simon volunteered to do the Ubuntu maintenance for Tor, I'm fine with both updating zesty to the latest bugfix release of that LTS series (and that would already fit the normal SRU process). But I'm also happy with bumping the tor release in xenial to be something which upstream offers LTS support on. To minimize the risk of regressions, we'll do that in a few step: 1) I'm going to accept the zesty SRU into -proposed 2) We'll wait for it to be verified and released to -updates 3) We'll then let the xenial SRU into -proposed (effectively same content as the zesty one) 4) We'll wait for it to be verified and if no bug was filed against either the xenial or zesty SRU by that point, will release it too This effectively doubles the testing time for the package, slowly exposing it to more and more users: - First to zesty-proposed users - Then to zesty-updates users too - And then to those as well as xenial-proposed users That will likely take us 2-3 weeks to get it all done at which point we'll have a supportable tor in both xenial and zesty. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1710753 Title: Please upgrade Xenial/Zesty to use the latest LTS point release of Tor (0.2.9) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tor/+bug/1710753/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
