Re: [tor-dev] Next Tor release timeframes?

On Wed, Aug 8, 2012 at 5:04 AM, Roger Dingledine arma@mit.edu wrote:

1. Do we have any requirements to release an 0.2.4.1-alpha at any

particular date? I haven't been following e.g. the latest SponsorG timelines.

2. Nick was enthusiastic about an 0.2.2.38 with the latest fix. Nick,

do you still think that's important? My sense is that it's a totally esoteric theoretical attack where there's no rush to release.

Bug 6530 is the one to worry about. It's a remotely triggerable DoS vulnerability where you can crash anybody who tries to download a networkstatus consensus from you. That's not "esoteric" or "theoretical."

3. For the next 0.2.3 rc, we might want to merge at least:

https://trac.torproject.org/projects/tor/ticket/6252

ok. Will merge, with bikeshed options not followed.

https://trac.torproject.org/projects/tor/ticket/6404

Agreed, but it needs review!