On Tue, Mar 24, 2020 at 03:23:26PM +0000, Peter Palfrader wrote: > On Tue, 24 Mar 2020, Emilio Pozuelo Monfort wrote: > > >> Upstream is no longer maintaining the 0.2.4.x tree. Maybe it's time to > > >> terminate support for Tor in wheezy/oldoldstable? > > > I think so. I have marked it as unsupported in debian-security-support. > > There's a new tor CVE. However upstream no longer supports 0.2.x.y, so > > stretch > > was EOL'ed. Given jessie has an even older version, I think we should > > follow suit. > I concur.
thanks for confirming (and maintaining tor in the first place), Peter.
I had already done this change locally in src:debian-security-support here and
just did the git push for it. Next step should probably be to release a DLA to
communicate this more widely. (And then, closer to the next poin releases,
updates
for d-s-s to buster, stretch and jessie.)
--
cheers,
Holger
-------------------------------------------------------------------------------
holger@(debian|reproducible-builds|layer-acht).org
PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
signature.asc
Description: PGP signature
