ubuntu-ngo team mailing list archive

Thread
Date

[Bug 413657] Re: Please sync tor 0.2.1.19-1 (universe) from Debian testing (main)

To: ubuntu-ngo@xxxxxxxxxxxxxxxxxxx
From: Scott Kitterman <ubuntu@xxxxxxxxxxxxx>
Date: Sat, 14 Nov 2009 14:57:39 -0000
Reply-to: Bug 413657 <413657@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

If I'm reading comment #4 correctly, we could only ever sync from Debian
and not make our own changes to have a trusted signature.  I don't think
that would work out.  At the version least we need to be able to have
different package revision numbers for different releases when we do
updates.

It seems to me like if we are going to do this, we would need some kind
of plan like we use for clamav:

https://wiki.ubuntu.com/ClamavUpdates

If the signing key issue is important, we'll also need a MOTU who's key
is trusted by TOR.

** Changed in: ubuntu
       Status: New => Incomplete

-- 
Please sync tor 0.2.1.19-1 (universe) from Debian testing (main)
https://bugs.launchpad.net/bugs/413657
You received this bug notification because you are a member of Ubuntu in
NGOs, which is a direct subscriber.

Status in Ubuntu: Incomplete

Bug description:
 tor  (0.2.1.19-1) unstable; urgency=low

   * New upstream version.
     - Make accessing hidden services on 0.2.1.x work right (closes: #538960).
     [More items are in the upstream changelog.]

 -- Peter Palfrader <weasel@xxxxxxxxxx>  Wed, 29 Jul 2009 12:49:03 +0200