Onion services v2 are retiring.
It's time to migrate to onion services v3.
Here is the planned deprecation timeline:
https://blog.torproject.org/v2-deprecation-timeline
@torproject that's too soon. Debian still officially supports versions that can't do v3.
@resist1984
If you're still running oldstable, you can remedy that in a number of ways:
1) upgrade to stable (the Hard-Freeze for the *next* stable release is in <1 week)
2) install tor from oldstable-backports (3.5.10) or -backports-sloppy (4.4.5)
While I (always) appreciate coordination, @torproject shouldn't restrict their own directions/actions based on what another project does.
It's also not the first time that Debian supports software which is unsupported upstream (f.e. Qt4 in Stable)
@FreePietje @torproject It's a reckless schedule largely because it lacks coordination with the highest quality most disciplined distro of all mainstream distros. Onion v2 & v3 can coexist just fine, but because of some people's unreasonable paranoia everyone is being hastily forced into upgrades and migrations.
@torproject @FreePietje Migrations are not just the flip of a switch. I've seen dist-upgrade totally hose a simple stock installation beyond repair. In my case I have some packages on life support which interact with other pkgs, a hack-job that becomes more labor intensive & fragile with every migration. It's reckless for Tor project to put unjustified urgency on v2 obsolescence when v3 can coexist.
@resist1984
> the highest quality most disciplined distro of all mainstream distros
Ofc I can only agree to that 😄
@torproject will remove support for onion v2 in *their* (ie upstream) git repo in version 4.6.
The Tor version in #Debian #Bullseye will be 4.5.6 which supports both v2 and v3 onions.
I don't recommend it, but that means you can use v2 for some 5+ years to come?
I don't think you can compare a whole OS upgrade with the upgrade of 1 package, unless I'm misunderstanding you.
@FreePietje @torproject I guess I didn't understand the consequences of v2 obsolescence. I thought the network and directory would break onion v2, so that a v2 supporting client couldn't talk to a v2 server. If the network will still allow v2, i'd say that's fair enough.
@torproject
Can you clarify this?
Recently I learned through an issue with v3 onions, that there was a central coordination part of the Tor network.
So the primary question is:
will onion v2 sites cease to function (at all) on October 15th, 2021 (onward)?
@FreePietje @torproject @resist1984 yup, v2 onion will be disabled from the Tor network on October 15th.
@ggus
Holy crap!
The impact of that is FAR bigger then I thought.
Deprecation in my understanding is a 'nudge' to use a better way.
Not "it ceases to work at all".
@resist1984 I still recommend to upgrade from oldstable, but other then that, it looks like you were (far) more correct then I was.
@torproject
Assuming gus is right, you really need to work on your messaging.
If you're intimately familiar with Tor internals, 'retiring' may have been clear enough.
For normal users, not so much.
@FreePietje @resist1984 a great and positive impact to the Tor network health. Please read why we’re removing v2 onions: https://lists.torproject.org/pipermail/tor-dev/2020-June/014365.html
@ggus @FreePietje I think everyone agrees that v3 is more secure. The problem is two-fold. It's a reckless schedule. Demanding everyone migrate in 15 months grossly miscalculates many different situations. Not everyone is a gamer who can simply hit an upgrade button without side-effects.. without important tools failing. 15 months would be reasonable *iff* the network were not impacted.
@FreePietje @ggus The 2nd problem is that people know their own threat models better than you do, and they know better than you if their adversary is going to have the capability of cracking RSA1024. Users should be in control of their own security, not have a vendor impose on them.
@resist1984 @FreePietje the problem is not only your threat model, but the whole Tor network.