tor security updates

Luke Macken lmacken at redhat.com
Sun Aug 19 10:22:14 UTC 2007 

On Sun, Aug 19, 2007 at 11:12:35AM +0200, Michael Schwendt wrote:
> On Sat, 18 Aug 2007 15:36:36 -0400, Todd Zullinger wrote:
> 
> > Michael Schwendt wrote:
> > > On Sat, 18 Aug 2007 15:08:20 -0400, Todd Zullinger wrote:
> > > 
> > >> Someone asked on fedora-list about updates to tor which fix some
> > >> security issues.  The version in F7 is 0.1.2.13, while the latest
> > >> upstream is 0.1.2.16.  Looking in Koji, 0.1.2.1{4,5,6} have all
> > >> been built (with 0.1.2.16 having been built on August 2*), yet all
> > >> of them are in the pending state still.  Does anyone know the
> > >> reason they're not being pushed to updates-testing?
> > >> 
> > >> * successfully for F7, but failed for rawhide with what looks like
> > >>   one of the "open_missing_mode" errors.
> > > 
> > > Have you pushed them using Bodhi, the "Fedora Updates System"?
> > > https://admin.fedoraproject.org/updates
> > 
> > I'm not the maintainer, Enrico Scholz is.  So we'd have to ask him
> > that.  (I'm also not a tor user, I was just made curious when I looked
> > into it to try and answer the question on fedora-list.)  It definitely
> > seems odd that the packages were built quite quickly after the
> > upstream releases were made and then left to sit in the pending state
> > for so long.
> > 
> > For the reference of others, here are the relevant links to Bodhi and
> > Koji:
> > 
> > https://admin.fedoraproject.org/updates/tor
> > http://koji.fedoraproject.org/koji/packageinfo?packageID=4002
> 
> Enrico has had trouble before inside Bodhi, the updates system, with
> other packages. It wouldn't surprise me if he's unhappy with the extra
> burden and waits for a convenient "make release" or similar.

He hasn't reported any problems upstream, nor has he made the effort to
comment on any of his updates regarding said issues.  Many people have
given feedback on his updates, and he receives an email for each one.
If he is unhappy with the burden of being a maintainer, we need to
figure out why so we can address it properly, and possibly find a
co-maintainer willing to utilize our existing tools while we resolve the
problem.

luke

More information about the Fedora-maintainers mailing list