Hi, all!
I've been working on a proposed change to Tor's LTS policies. I've run it by a few people already, and now I'm posting it here for wider comment.
(summary: If we decide to do this, we will still be able to do LTS releases, but we will backport fewer things to them, and we will make fewer promises about how well they will work on the network.)
=====================

# Background and summary
I'm proposing a change to Tor's long-term support (LTS) policies.
For reference, our current policy is described at https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/CoreTorRelea...
We've been struggling with our LTS policies for a while. In brief: we backport too many fixes, and we promise too much support for LTS releases.
The developers don't like it, because the amount of things that we keep trying to fix in our LTS releases keeps us working on old crufty code for a long time.
Many packagers don't like it, because they have a policy of auditing security backports, and we backport too much to our LTS releases for them to audit carefully.
And our network maintenance group doesn't like it, because our commitment to supporting very old protocol versions keeps us from implementing performance and security improvements on a rapid schedule, unless we backport those changes to the LTS releases.
Therefore, we're going to propose these changes:
- That once a release becomes LTS-only, its code no longer gets anything but security patches (narrowly defined), and minimal patches to keep it working on the network.
- We will no longer guarantee that an LTS-only release will work (or work well) on the mainline Tor network for its entire LTS lifetime. We'll try to deliver this if we can, but it won't be a definite guarantee.
# In more detail
We propose the following release statuses:
- Development. (Every series starts out in this state as an alpha.)
- Stable. (Once a series is officially 'ready', we call it stable.)
- Old-stable. (Every supported stable release, except the most recent one, is in this state.)
- Long-term support only. (Any LTS release, once a newer release has become old-stable. Only certain releases will get LTS support.)
Every series starts out in "development". Once it's officially ready, we call it "stable". All stable releases besides the most recent one are "old-stable".
Allowed in all releases:
- Updates to authorities list
- Updates to fallbackdirs list
- Updates to geoip database
LTS-only (any LTS release, once a newer release is oldstable):
- Only two kinds of changes are allowed:
  - Security fixes, narrowly defined. (See below for a definition.)
  - _Simple_ patches that keep the release functional on the network.
- Relays are not guaranteed to be supported on the network, although we'll try not to remove them gratuitously.
- Clients and onion services are not guaranteed to work on the network, although we'll try not to break them gratuitously.
In other words, with an LTS release there will be no guarantee that the software works on the network. The promise is that we will keep it working on the network when we can do so with simple low-risk patches, and that _if_ it works, we will fix security problems in it.
Oldstable (all stable releases besides the most recent stable release):
- Stability fixes are also allowed.
- Relays will be supported on the network.
- Clients and onion services will be supported on the network.
- Dirauths may be supported.
Stable (the single most recent stable release):
- All fixes are allowed.
- Relays will be supported on the network.
- Clients and onion services will be supported on the network.
- Dirauths will be supported.
Development:
- All fixes are allowed.
- Relays will be supported on the network.
- Clients and onion services will be supported on the network.
- Dirauths will be supported.
==============================
What is a security fix?
- It is a _bugfix_ that resolves a vulnerability. _Features_ that make Tor more private, anonymous, or more secure won't count.
==============================
The LTS policy above will apply to 0.3.5 _starting with 0.3.5.14_, since we've already made backports that will appear in 0.3.5.13.
We have already committed to making 0.3.5 an LTS release until Feb 1, 2022.
We also now commit to making 0.4.5 an LTS release until _at least_ Feb 15, 2023. Whether we continue to do this LTS for longer will depend on our experiences with this new policy.
==============================
So, any proposed amendments to this?
best wishes,