[tor-dev] RFC: Tor long-term support policy

Nick Mathewson nickm at freehaven.net
Fri Jan 13 14:29:25 UTC 2017


Hi, all!

This is a draft for a tor long-term support policy for the program
"tor". Please let me know what you think.  It's based on earlier work
and surveys, but it isn't final till we say it is, and it needs more
commentary.

Please keep in mind that dropping support for any old release is an
inconvenience to some nice busy people, and that supporting any old
release is an inconvenience to other nice busy people. Therefore,
"don't inconvenience anybody" is not a viable goal here: instead we
are stuck with a balancing act.

Also please remember the bikeshed.  ;)   http://bikeshed.com/



== Background ==

In the past, Tor has had no actual policy for how long we support
older releases of the core "tor" network program.  We've aimed for
informal rules like "support old releases as long as it isn't too
much trouble," or "support old releases as long as a lot of people
really need it," but these aren't working so well with our new
release schedule.

The good thing about our new release schedule is that we try to put
out two stable release series per year, when previously we were
finishing release series once every ~18 months.  But this means
that, to support the last N years of releases, we need to support
three times as many older release series as we did before. This
won't scale, and probably isn't a good use of our time.

Therefore, we're adopting a practice from several other free
software projects with a rapid release schedule: we are going to
support some Tor releases for different amounts of time than others.


== Levels of support ==

Here's the plan.

  * Every new release series will be supported for at least nine
    months after it becomes stable, and for at least three months
    after another release series becomes stable.

      Example:
        * The first 0.2.8.x stable release was released in August
          2016.  So it will be supported until at least 9 months
          later, in May 2017.  But if the first 0.2.9.x stable
          release had not been released until April 2017, we'd keep
          supporting 0.2.8.x for another 3 months past that point,
          to July 2017.

  * Occasionally, we will designate some Tor release series as
    "long-term support" releases. These will be supported for an
    amount of time to be announced in advance -- typically, for 3 years.

  * For the release series that exist today, we will support them
    according to the schedule at the end of this document.


== What does support entail? ==


For all supported releases, we intend:

  * Information needed to connect to the Tor network (directory
    authorities, fallback directories, geoip tables) will be kept
    up-to-date.

  * Important security issues will get fixed.

  * Major stability issues will get fixed.

  * Portability regressions will get fixed.

  * Portability bugs to major supported platforms will get fixed.


For the most recent supported stable release only:

  * Misleading documentation will get fixed.

  * Smaller bugs that significantly impact user experience will get
    fixed.


We do NOT expect:

  * That directory authorities will be able to run any but the
    two most recent stable releases.

  * That unsupported releases will all work on the Tor network.

  * That unsupported releases will all fail to work on the Tor network.

  * That older supported releases will provide the same privacy as
    the newer ones.


== The obligatory disclaimer ==

This document is about plans, not promises.  We'll try hard to
follow through on these plans, but it's always possible that
something unexpected will happen and we'll need to choose between
following this policy to the letter and maintaining our users'
security.  If that happens, we'll aim for protecting our users.


== Plan for current releases ==

0.2.4.x, 0.2.6.x, and 0.2.7.x will all receive at least one more
   stable release.  Support for them will end on 1 August 2017.

0.2.8.x will be supported until 1 January 2018.

0.2.5.x is retroactively declared an LTS release, and will be
   supported until 1 May 2018.

0.2.9.x is an LTS release, and will be supported until at least
   1 January 2020.

