[tor-relays] Tor 0.4.6.x is unsupported, please upgrade

Hello!

To repeat what recently[1] got brought up: it's time to get relays upgraded in case they are running the EOL 0.4.6.x Tor series. We'll start reaching out to operators with valid contact information this week and plan to reject relays which are still on 0.4.6.x in about 5 weeks from now on at the end of September. You can follow along that process in our bug tracker[2] if you want.

For the general processes around dealing with EOL relays in the Tor network see my mail from last October[3].

Feedback and improvements are welcome, as always.

Georg

[1] https://twitter.com/torproject/status/1557392816250441728
[2] Deal with EOL 0.4.6.x relays and bridges (#252) · Issues · The Tor Project / Network Health / Team · GitLab
[3] [tor-relays] Relays running an unsupported (EOL) Tor version

Georg Koppen:

Hello!

To repeat what recently[1] got brought up: it's time to get relays upgraded in case they are running the EOL 0.4.6.x Tor series. We'll start reaching out to operators with valid contact information this week and plan to reject relays which are still on 0.4.6.x in about 5 weeks from now on at the end of September. You can follow along that process in our bug tracker[2] if you want.

I just pushed a commit to get 459 relays still being on 0.4.6.x rejected. This will take effect once a majority of directory authorities has picked up that change (likely in the coming hours).

We refrained from doing the same for bridges, though, given the current high demand particularly in Russia and Iran. However, we'll closely monitor the situation and will follow up with the removal of 0.4.6.x running bridges as soon as we think it is acceptable, taking security and censorship circumvention concerns into account.

Thanks,
Georg

In the past one of the first steps was to update the 'recommended versions' at dir auths
so operators get to see an indicator on Relay Search and in their logs if they run old versions of tor,
even if they do not have any usable ContactInfo that can be used to potentially reach them.

dir auths still recommend running tor 0.4.6.x versions today, so relay operators never got any indicator
on RS or in their logs - this is a missed opportunity.

the current list of recommended server versions [1]:

server-versions 0.4.5.5-rc, 0.4.5.6, 0.4.5.7, 0.4.5.8, 0.4.5.9, 0.4.5.10, 0.4.5.11, 0.4.5.12, 0.4.5.14, 0.4.6.1-alpha, 0.4.6.2-alpha, 0.4.6.3-rc, 0.4.6.4-rc, 0.4.6.5, 0.4.6.6, 0.4.6.7, 0.4.6.8, 0.4.6.9, 0.4.6.10, 0.4.6.12, 0.4.7.1-alpha, 0.4.7.2-alpha, 0.4.7.3-alpha, 0.4.7.4-alpha, 0.4.7.5-alpha, 0.4.7.6-rc, 0.4.7.7, 0.4.7.8, 0.4.7.10

actively and regularly maintaining that list and making a
more clear and prominent indicator on Relay Search would help the tor network.

Good catch -- I've just started the process of getting the directory
authorities to un-recommend the 0.4.6 versions.

And you're right that it is a missed opportunity for those fingerprints
that started the process of getting bumped out a few days ago.

But (a) new relays that show up on 0.4.6, i.e. that don't have
fingerprints that are in the reject list, will see the warning about
versions,

and (b) I'm going to hold off on applying the big set of 0.4.6 reject
lines on moria1, so now moria1 should be issuing a warning about versions,
rather than a warning about a rejected fingerprint, to affected relays.

So at least in the case where the operator reads their logs well, they
should have some better idea what is up.

Thanks!
--Roger

It seems worth pointing out that one directory authority was reporting
some hours ago that it was running 0.4.7.9, which also is not in the lists
of client-versions or server-versions announced in the hourly consensus
files.

                                  Scott Bennett, Comm. ASMELG, CFIAG