23/04/14 16:51, Nick Mathewson wrote:
> On Wed, Apr 23, 2014 at 10:28 AM, anonym <ano...@riseup.net> wrote:
>> 21/04/14 12:27, Nusenu wrote:
>>> Hi,
>>>
>>> the code to blacklist heartbleed affected tor directory authority keys
>>> has been merged about a week ago [1].
>>>
>>> Do you have an ETA on when you are going to release it (tor and TBB
>>> packages)?
>>
>> As the release manager for the Tails 1.0 release I'm also interested in
>> an ETA for this. Ideally the Tails image intended for the 1.0 release
>> will be built on 2014-04-27 (so this is when we'll truly freeze the
>> version of Tor), and released two days later. We Tails developers would
>> find it sad if its core piece of software becomes out-dated immediately
>> or even just shortly after that.
>>
>> Nick (or any one else in the loop), do you have any idea of timings for
>> the next stable Tor release?
>
> My goal is to get out a new alpha with the blacklist this week, and an
> 0.2.4 release by the end of the month.
>
> This is a goal; I don't know if I'm going to be able to make it, and I
> can't make promises there.

Thanks for letting us know!

> If you like, it could be entirely reasonable to backport the code in
> question; the relevant commits are:
>
> 50ad3939242885b1a1a11688abd0c9756631747f
> 46cf63bb42f2818201bc0c39036f2c17e210fcdb
> 2ce0750d21d04c39a5a948b3d96203d8f68ae7ad
> ef3d7f2f97caf961effd7935dd3231e6bba62ca5

Given the planned release date for Tails 1.0, this actually doesn't look
too bad a compromise. I had a quick look at the other tickets tagged
`024-backport` and nothing seemed very important. However, before
deciding on this, I'd really appreciate a confirmation from any of you
Tor devs that, as it looks now, the next 0.2.4 release will have no
other important security fixes affecting *Linux* *clients*. So, will it?

Cheers!