I hate to call Rui out in public but he is the maintainer here and very non responsive to private emails about this.
Tor 1.1.x has BEEN DEPRECIATED from before the time 4.1 STABLE was released (you were notified of this also Rui) and all version earlier than 1.2.15 suffer a remote code exploitation which has been proven in the wild already with technical details to be released to the public in two week per the developers. The developers announced all users should update immediately yet still not seeing this port updated in stable when I csup. Can you (Rui) update this port finally as it would count as a security update or you just going to hang out and continue to be a subpar maintainer. If you don't want to maintain your own port then let me know and I or somebody else can do it but this is ridiculous. You missed the last couple stable releases and when informed of it you were like "what the f*ck do I care ... OBSD isn't about the latest and greatest. Compile it yourself". Well now we have a serious remote code issue and a depreciated non-supported (in the current tor directory services) package in OBSD ... is this a big enough issue to get you to care? NOTE: I am pretty indifferent if it is fixed in CURRENT. This is a remote code exploit and I am pretty sure security patches are merged into stable's port tree considering I see updates to it at least weekly. Sorry to be an ass Rui but with maintenance comes responsibility. -Peter
