Re: Tor 0.2.2.19-alpha is out
On Tue, 30 Nov 2010 16:25:25 + Matthew wrote: > In System / Administration / Software Sources / Authentication there > is an deb.torproject.org archive signing key dated 2009-09-04 with > the value 886DDD89. This is correct. > Am I correct to think that this key sufficient to verify updates when > using sources.list. This is correct. > Also, who exactly owns 886DDD89? Is it a specific person or for > torproject.org as a whole? If you gpg --list-sigs 0x886DDD89 You can see who signed the key. It is a role key that the packagers use to sign the builds, rather than using their own personal keys. It is up to you if you trust the key and those who signed it implying validity. -- Andrew pgp 0x74ED336B *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor 0.2.2.19-alpha is out
I notice that 0.2.1.27 was downloaded today by the Synaptic Update Manager. Thanks for creating it. I have a question about the procedure for verifying signatures. My sources.list file contains: deb http://deb.torproject.org/torproject.org lucid main System / Administration / Software Sources / Other Software also lists http://deb.torproject.org/torproject.org lucid main In System / Administration / Software Sources / Authentication there is an deb.torproject.org archive signing key dated 2009-09-04 with the value 886DDD89. Am I correct to think that this key sufficient to verify updates when using sources.list. My impression is that the page https://www.torproject.org/docs/verifying-signatures.html.en refers to verifying files that have been manually downloaded (rather than through Update Manager). Also, who exactly owns 886DDD89? Is it a specific person or for torproject.org as a whole? Thanks. On 28/11/10 21:55, and...@torproject.org wrote: On Sun, Nov 28, 2010 at 08:56:13PM +, pump...@cotse.net wrote 5.4K bytes in 125 lines about: : I am curious how to get 0.2.1.27 in the preferred way when using : Ubuntu. Thanks! You are doing it correctly. Packages for ubuntu/debian for 0.2.1.27 aren't created yet. We announce the source release before the binary packages we create are available. It's generally a few days from source release to binary package availability. The exception here is OS X PPC, which lacks a build machine right now.
Re: Tor 0.2.2.19-alpha is out
On Sun, Nov 28, 2010 at 08:56:13PM +, pump...@cotse.net wrote 5.4K bytes in 125 lines about: : I am curious how to get 0.2.1.27 in the preferred way when using : Ubuntu. Thanks! You are doing it correctly. Packages for ubuntu/debian for 0.2.1.27 aren't created yet. We announce the source release before the binary packages we create are available. It's generally a few days from source release to binary package availability. The exception here is OS X PPC, which lacks a build machine right now. -- Andrew pgp key: 31B0974B *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor 0.2.2.19-alpha is out
Can I please clarify something. The latest stable release for Windows and Ubuntu is called 0.2.1.27. My version for Ubuntu is 0.2.1.26. If one has placed the correct commands in one's /etc/apt/sources.list as detailed here (https://www.torproject.org/docs/debian.html.en) then why is it that Synpaptic Package Manager has not asked me if I want to download 0.2.1.27? I have also just done sudo apt-get upgrade and sudo apt-get update and still I am using 0.2.1.26. I see that you can manually download and install the 0.2.1.27 with the tarball but here (https://www.torproject.org/docs/tor-doc-unix.html.en) the page says to use the sources.list option if one is using Ubuntu. I am curious how to get 0.2.1.27 in the preferred way when using Ubuntu. Thanks! On 25/11/10 23:41, Roger Dingledine wrote: Yet another OpenSSL security patch broke its compatibility with Tor: Tor 0.2.2.19-alpha makes relays work with OpenSSL 0.9.8p and 1.0.0.b. https://www.torproject.org/download/download Changes in version 0.2.2.19-alpha - 2010-11-21 o Major bugfixes: - Resolve an incompatibility with openssl 0.9.8p and openssl 1.0.0b: No longer set the tlsext_host_name extension on server SSL objects; but continue to set it on client SSL objects. Our goal in setting it was to imitate a browser, not a vhosting server. Fixes bug 2204; bugfix on 0.2.1.1-alpha. o Minor bugfixes: - Try harder not to exceed the maximum length of 50 KB when writing statistics to extra-info descriptors. This bug was triggered by very fast relays reporting exit-port, entry, and dirreq statistics. Reported by Olaf Selke. Bugfix on 0.2.2.1-alpha. Fixes bug 2183. - Publish a router descriptor even if generating an extra-info descriptor fails. Previously we would not publish a router descriptor without an extra-info descriptor; this can cause fast exit relays collecting exit-port statistics to drop from the consensus. Bugfix on 0.1.2.9-rc; fixes bug 2195.
Tor 0.2.2.19-alpha is out
Yet another OpenSSL security patch broke its compatibility with Tor: Tor 0.2.2.19-alpha makes relays work with OpenSSL 0.9.8p and 1.0.0.b. https://www.torproject.org/download/download Changes in version 0.2.2.19-alpha - 2010-11-21 o Major bugfixes: - Resolve an incompatibility with openssl 0.9.8p and openssl 1.0.0b: No longer set the tlsext_host_name extension on server SSL objects; but continue to set it on client SSL objects. Our goal in setting it was to imitate a browser, not a vhosting server. Fixes bug 2204; bugfix on 0.2.1.1-alpha. o Minor bugfixes: - Try harder not to exceed the maximum length of 50 KB when writing statistics to extra-info descriptors. This bug was triggered by very fast relays reporting exit-port, entry, and dirreq statistics. Reported by Olaf Selke. Bugfix on 0.2.2.1-alpha. Fixes bug 2183. - Publish a router descriptor even if generating an extra-info descriptor fails. Previously we would not publish a router descriptor without an extra-info descriptor; this can cause fast exit relays collecting exit-port statistics to drop from the consensus. Bugfix on 0.1.2.9-rc; fixes bug 2195. signature.asc Description: Digital signature