On Wed, Apr 23, 2014 at 12:46 PM, anonym <ano...@riseup.net> wrote: [...] > Given the planned release date for Tails 1.0, this actually doesn't look > too bad a compromise. I had a quick look at the other tickets tagged > `024-backport` and nothing seemed very important.
For future reference, don't just look at 024-backport -- that's for tickets that are currently in 0.2.5 or later but which should (maybe!) get backported to 0.2.4 after a fix. Also look at the tickets in milestone "Tor: 0.2.4.x-final": those include ones that were never marked as backportable when they were in 0.2.5, but which, after resolving them, somebody decided we should consider for backport anyway. (It doesn't make a difference in this case, IMO, but it's something to be aware of.) > However, before > deciding on this, I'd really appreciate a confirmation from any of you > Tor devs that, as it looks now, the next 0.2.4 release will have no > other important security fixes affecting *Linux* *clients*. So, will it? It depends what you consider a "fix" versus a "feature", and what you think is "important". The only ones I'd consider to maybe meet your criteria are: #9386 #11438 -- those two will make clients significantly more resistant to using bad cryptography at the TLS layer. Also -- since you're asking for a solid confirmation here -- I need to insert the disclaimer that this is only based on what I know about today. I might be forgetting something, and we might learn about something tomorrow that would change all of this. In other words, it's a prediction, not a promise. ;) best wishes, -- Nick -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
