1) Do we have any requirements to release an 0.2.4.1-alpha at any particular date? I haven't been following e.g. the latest SponsorG timelines.
2) Nick was enthusiastic about an 0.2.2.38 with the latest fix. Nick, do you still think that's important? My sense is that it's a totally esoteric theoretical attack where there's no rush to release.
3) For the next 0.2.3 rc, we might want to merge at least: https://trac.torproject.org/projects/tor/ticket/6252 https://trac.torproject.org/projects/tor/ticket/6404
--Roger
On Wed, Aug 8, 2012 at 5:04 AM, Roger Dingledine arma@mit.edu wrote:
- Do we have any requirements to release an 0.2.4.1-alpha at any
particular date? I haven't been following e.g. the latest SponsorG timelines.
- Nick was enthusiastic about an 0.2.2.38 with the latest fix. Nick,
do you still think that's important? My sense is that it's a totally esoteric theoretical attack where there's no rush to release.
Bug 6530 is the one to worry about. It's a remotely triggerable DoS vulnerability where you can crash anybody who tries to download a networkstatus consensus from you. That's not "esoteric" or "theoretical."
- For the next 0.2.3 rc, we might want to merge at least:
ok. Will merge, with bikeshed options not followed.
Agreed, but it needs review!
On 8/8/12 8:38 PM, Nick Mathewson wrote:
On Wed, Aug 8, 2012 at 5:04 AM, Roger Dingledine arma@mit.edu wrote:
- Do we have any requirements to release an 0.2.4.1-alpha at any
particular date? I haven't been following e.g. the latest SponsorG timelines.
Yes, we should have "tested packages" by September 14:
https://trac.torproject.org/projects/tor/ticket/6374
https://trac.torproject.org/projects/tor/ticket/6375
Best, Karsten
- Nick was enthusiastic about an 0.2.2.38 with the latest fix. Nick,
do you still think that's important? My sense is that it's a totally esoteric theoretical attack where there's no rush to release.
Bug 6530 is the one to worry about. It's a remotely triggerable DoS vulnerability where you can crash anybody who tries to download a networkstatus consensus from you. That's not "esoteric" or "theoretical."
- For the next 0.2.3 rc, we might want to merge at least:
ok. Will merge, with bikeshed options not followed.
Agreed, but it needs review!