#25558 closed defect (fixed)

Warning on Relay Search about outdated Tor is misleading

Reported by: pastly Owned by: irl
Priority: Medium Milestone:
Component: Metrics/Relay Search Version:
Severity: Minor Keywords:
Cc: metrics-team Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Relay Search currently gives the same warning for all relays that don't have a version recommended by the directory authorities. The message assumes no one is running super-mega-alpha Tor versions that are too bleeding edge (and buggy).

Instead of

This relay is running an outdated Tor version and should be updated to a recent release of Tor that may contain important fixes.

How about "This relay is running a version of Tor that is not recommended. It is either too new (likely to contain unknown bugs) or too old (likely to be missing important security fixes)."

Or with a minor variation "This relay is running a version of Tor that is not recommended. It is most likely too old (likely to be missing important security fixes) but may instead be too new (likely to contain unknown bugs)."

Child Tickets

Change History (8)

comment:1 Changed 12 months ago by arma

See also #24256 for the bigger ticket.

I'd be a bit sad to tell people that our new versions are "likely to contain unknown bugs" -- that is a bit too scary sounding, right? :)

comment:2 Changed 12 months ago by irl

I think we probably do want the average relay operator to be scared to run pre-release software, still maybe the phrasing is a little too much. We also don't want to go the other way where relay operators decide to add iptables rules to drop traffic to relays running pre-release versions (I've seen similar things happen).

comment:3 in reply to:  1 ; Changed 12 months ago by cypherpunks

Replying to arma:

See also #24256 for the bigger ticket.

I'd say lets close this (#25558) as a duplicate of #24256

comment:4 in reply to:  2 Changed 12 months ago by arma

Replying to irl:

We also don't want to go the other way where relay operators decide to add iptables rules to drop traffic to relays running pre-release versions

Remember also that *users* use atlas to better understand the relays they might use. Do you want the people who make relay blacklists to add all of the relays-running-new-versions to their lists, because we said they are insecure?

comment:5 in reply to:  3 Changed 12 months ago by irl

Cc: metrics-team added
Owner: changed from metrics-team to irl
Status: newaccepted

Replying to cypherpunks:

I'd say lets close this (#25558) as a duplicate of #24256

This is not a duplicate. This ticket is about updating the text to make it more useful as an intermediate step between now and #24256 being implemented.

Replying to arma:

Remember also that *users* use atlas to better understand the relays they might use. Do you want the people who make relay blacklists to add all of the relays-running-new-versions to their lists, because we said they are insecure?

That too, indeed.

My attempt:

This relay is running a version of Tor that is not recommended.
It is most likely too old and may be missing important security fixes. If
this is the case, and this is your relay, you should update it as soon as
possible. Pre-release versions (versions that are too new) are also not
recommended and so will trigger this warning message.

comment:6 Changed 12 months ago by irl

arma suggested to change the last sentence to:

Development versions (versions that are too new) will also trigger this warning message (see bug <a href="">xxx</a>).

I think we should make that change.

comment:7 Changed 12 months ago by irl

Status: acceptedmerge_ready

I've made these changes on my task/25558 branch.

comment:8 Changed 12 months ago by irl

Resolution: fixed
Status: merge_readyclosed

Merged.

Note: See TracTickets for help on using tickets.