Hello!
To repeat what recently[1] got brought up: it's time to get relays upgraded in case they are running the EOL 0.4.6.x Tor series. We'll start reaching out to operators with valid contact information this week and plan to reject relays which are still on 0.4.6.x in about 5 weeks from now on at the end of September. You can follow along that process in our bug tracker[2] if you want.
For the general processes around dealing with EOL relays in the Tor network see my mail from last October[3].
Feedback and improvements are welcome, as always.
Georg
[1] https://twitter.com/torproject/status/1557392816250441728 [2] https://gitlab.torproject.org/tpo/network-health/team/-/issues/252 [3] https://lists.torproject.org/pipermail/tor-relays/2021-October/019862.html
Georg Koppen:
Hello!
To repeat what recently[1] got brought up: it's time to get relays upgraded in case they are running the EOL 0.4.6.x Tor series. We'll start reaching out to operators with valid contact information this week and plan to reject relays which are still on 0.4.6.x in about 5 weeks from now on at the end of September. You can follow along that process in our bug tracker[2] if you want.
I just pushed a commit to get 459 relays still being on 0.4.6.x rejected. This will take effect once a majority of directory authorities has picked up that change (likely in the coming hours).
We refrained from doing the same for bridges, though, given the current high demand particularly in Russia and Iran. However, we'll closely monitor the situation and will follow up with the removal of 0.4.6.x running bridges as soon as we think it is acceptable, taking security and censorship circumvention concerns into account.
Thanks, Georg
For the general processes around dealing with EOL relays in the Tor network see my mail from last October[3].
Feedback and improvements are welcome, as always.
Georg
[1] https://twitter.com/torproject/status/1557392816250441728 [2] https://gitlab.torproject.org/tpo/network-health/team/-/issues/252 [3] https://lists.torproject.org/pipermail/tor-relays/2021-October/019862.html
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
In the past one of the first steps was to update the 'recommended versions' at dir auths so operators get to see an indicator on Relay Search and in their logs if they run old versions of tor, even if they do not have any usable ContactInfo that can be used to potentially reach them.
dir auths still recommend running tor 0.4.6.x versions today, so relay operators never got any indicator on RS or in their logs - this is a missed opportunity.
the current list of recommended server versions [1]:
server-versions 0.4.5.5-rc, 0.4.5.6, 0.4.5.7, 0.4.5.8, 0.4.5.9, 0.4.5.10, 0.4.5.11, 0.4.5.12, 0.4.5.14, 0.4.6.1-alpha, 0.4.6.2-alpha, 0.4.6.3-rc, 0.4.6.4-rc, 0.4.6.5, 0.4.6.6, 0.4.6.7, 0.4.6.8, 0.4.6.9, 0.4.6.10, 0.4.6.12, 0.4.7.1-alpha, 0.4.7.2-alpha, 0.4.7.3-alpha, 0.4.7.4-alpha, 0.4.7.5-alpha, 0.4.7.6-rc, 0.4.7.7, 0.4.7.8, 0.4.7.10
actively and regularly maintaining that list and making a more clear and prominent indicator on Relay Search would help the tor network.
On Sat, Oct 08, 2022 at 02:54:41PM +0200, nusenu wrote:
dir auths still recommend running tor 0.4.6.x versions today, so relay operators never got any indicator on RS or in their logs - this is a missed opportunity.
Good catch -- I've just started the process of getting the directory authorities to un-recommend the 0.4.6 versions.
And you're right that it is a missed opportunity for those fingerprints that started the process of getting bumped out a few days ago.
But (a) new relays that show up on 0.4.6, i.e. that don't have fingerprints that are in the reject list, will see the warning about versions,
and (b) I'm going to hold off on applying the big set of 0.4.6 reject lines on moria1, so now moria1 should be issuing a warning about versions, rather than a warning about a rejected fingerprint, to affected relays.
So at least in the case where the operator reads their logs well, they should have some better idea what is up.
Thanks! --Roger
Roger Dingledine arma@torproject.org wrote:
On Sat, Oct 08, 2022 at 02:54:41PM +0200, nusenu wrote:
dir auths still recommend running tor 0.4.6.x versions today, so relay operators never got any indicator on RS or in their logs - this is a missed opportunity.
Good catch -- I've just started the process of getting the directory authorities to un-recommend the 0.4.6 versions.
And you're right that it is a missed opportunity for those fingerprints that started the process of getting bumped out a few days ago.
But (a) new relays that show up on 0.4.6, i.e. that don't have fingerprints that are in the reject list, will see the warning about versions,
and (b) I'm going to hold off on applying the big set of 0.4.6 reject lines on moria1, so now moria1 should be issuing a warning about versions, rather than a warning about a rejected fingerprint, to affected relays.
It seems worth pointing out that one directory authority was reporting some hours ago that it was running 0.4.7.9, which also is not in the lists of client-versions or server-versions announced in the hourly consensus files.
Scott Bennett, Comm. ASMELG, CFIAG ********************************************************************** * Internet: bennett at sdf.org *xor* bennett at freeshell.org * *--------------------------------------------------------------------* * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * * -- Gov. John Hancock, New York Journal, 28 January 1790 * **********************************************************************
tor-relays@lists.torproject.org
-
Georg Koppen -
nusenu -
Roger Dingledine -
Scott Bennett