Clarify new intended strategy with TROVE-2021-001

We're going to disable this feature in all versions for now.

changes/ticket40286_minimal

@@ -1,5 +1,6 @@
-  o Major bugfixes (denial of service):
+  o Major bugfixes (security, denial of service):
     - Disable the dump_desc() function that we used to dump unparseable
       information to disk. It was called incorrectly in several places,
-      in a way that could lead to excessive CPU usage.
+      in a way that could lead to excessive CPU usage.  Fixes bug 40286;
-      Fixes bug 40286; bugfix on 0.2.2.1-alpha.
+      bugfix on 0.2.2.1-alpha. This bug is also tracked as
+      TROVE-2021-001 and CVE-2021-28089.

src/feature/dirparse/unparseable.c

@@ -493,8 +493,11 @@ dump_desc,(const char *desc, const char *type))
   tor_assert(desc);
   tor_assert(type);
 #ifndef TOR_UNIT_TESTS
-  /* On older versions of Tor we are disabling this function, since it
+  /* For now, we are disabling this function, since it can be called with
-   * can be called with strings that are far too long. */
+   * strings that are far too long.  We can turn it back on if we fix it
+   * someday, but we'd need to give it a length argument. A likelier
+   * resolution here is simply to remove this module entirely.  See tor#40286
+   * for background. */
   if (1)
     return;
 #endif