[tor-bugs] #19496 [Internal Services/Service - deb.tpo]: Remove deb.tpo obfs4proxy Debian packages (was: Provide backports for obfs4proxy Debian packages)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri May 10 20:11:02 UTC 2019
#19496: Remove deb.tpo obfs4proxy Debian packages
-------------------------------------------------+-------------------------
Reporter: irl | Owner: irl
Type: task | Status: assigned
Priority: Medium | Milestone:
Component: Internal Services/Service - deb.tpo | Version:
Severity: Normal | Resolution:
Keywords: debian,packaging,obfs4proxy | Actual Points:
Parent ID: #30471 | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Changes (by arma):
* owner: (none) => irl
* status: new => assigned
* component: Circumvention/Obfs4 => Internal Services/Service - deb.tpo
Comment:
I'm hijacking this ticket to be about removing our separate, unmaintained,
obfs4proxy packages.

We're shipping obfs4proxy 0.0.7-1 on deb.tpo.

weasel points out that since Go statically compiles stuff, that old
package is shipping with a Go that now has security bugs. That's no good.

In the meantime, Debian stable now has 0.0.7-1+b2, which presumably is
where the underlying Go libs got rebuilt.

Everything else we care about has at least that version of obfs4proxy too,
except Ubuntu 16.04, which still ships with 0.0.6-2.

So the most straightforward thing to do is to get rid of our obfs4proxy
component in deb.tpo -- nobody should be using it. And to fix the
documentation that tells people to add that repo to their apt sources,
e.g.
https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports/obfs4proxy

And then if folks want to make debs for newer versions of obfs4proxy, we
should get those into Debian testing, and reevaluate once that's done.

Sound plausible?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19496#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online