Development builds published to stable APT repositories
Yesterday in the stable APT repository a couple of 2.5.x development builds for tor and tor-geoipdb appeared when I ran apt-get upgrade -s
on my Ubuntu Trusty box:
* Inst tor-geoipdb [0.2.4.23-2~trusty+1] (0.2.5.8-rc-1~trusty+1 trusty [all]) []
* Inst tor [0.2.4.23-2~trusty+1] (0.2.5.8-rc-1~trusty+1 trusty [amd64])
Users relying on the stable repository expect only stable builds, so this risky, possibly dangerous update was probably pushed by mistake. The development builds were also pushed to the APT repositories for Ubuntu Lucid, Precise, and Saucy; Debian Squeeze, Wheezy, Jessie, and Sid; and possibly others I haven't checked.
Here's the contents of my /etc/apt/sources.list.d/tor-stable.list
:
deb http://deb.torproject.org/torproject.org trusty main
deb-src http://deb.torproject.org/torproject.org trusty main
Trac:
Username: johnwang