richard pushed to branch main at The Tor Project / Applications / tor-browser-build
Commits:

aafb2ab9 by Richard Pospesel at 2023-06-20T21:22:57+00:00
Updated gitlab merge request template

- - - - -
82bb2187 by Richard Pospesel at 2023-06-20T21:22:59+00:00
Release Prep issue template updates

- - - - -

5 changed files:

- + .gitlab/issue_templates/Release Prep - Mullvad Browser Alpha.md
- .gitlab/issue_templates/Release Prep - Mullvad Browser Stable.md
- .gitlab/issue_templates/Release Prep - Tor Browser Alpha.md
- .gitlab/issue_templates/Release Prep - Tor Browser Stable.md
- .gitlab/merge_request_templates/default.md
Changes:
===================================== .gitlab/issue_templates/Release Prep - Mullvad Browser Alpha.md ===================================== 
@@ -0,0 +1,195 @@ +<details> + <summary>Explanation of variables</summary> + +- `$(BUILD_SERVER)` : the server the main builder is using to build a mullvad-browser release +- `$(BUILDER)` : whomever is building the release on the $(BUILD_SERVER) + - **example** : `pierov` +- `$(STAGING_SERVER)` : the server the signer is using to to run the signing process +- `$(ESR_VERSION)` : the Mozilla defined ESR version, used in various places for building mullvad-browser tags, labels, etc + - **example** : `91.6.0` +- `$(MULLVAD_BROWSER_MAJOR)` : the Mullvad Browser major version + - **example** : `11` +- `$(MULLVAD_BROWSER_MINOR)` : the Mullvad Browser minor version + - **example** : either `0` or `5`; Alpha's is always `(Stable + 5) % 10` +- `$(MULLVAD_BROWSER_VERSION)` : the Mullvad Browser version in the format + - **example** : `12.5a3`, `12.0.3` +- `$(BUILD_N)` : a project's build revision within a its branch; this is separate from the `$(MULLVAD_BROWSER_BUILD_N)` value; many of the Firefox-related projects have a `$(BUILD_N)` suffix and may differ between projects even when they contribute to the same build. + - **example** : `build1` +- `$(MULLVAD_BROWSER_BUILD_N)` : the mullvad-browser build revision for a given Mullvad Browser release; used in tagging git commits + - **example** : `build2` + - **NOTE** : A project's `$(BUILD_N)` and `$(MULLVAD_BROWSER_BUILD_N)` may be the same, but it is possible for them to diverge. For **example** : + - if we have multiple Mullvad Browser releases on a given ESR branch the two will become out of sync as the `$(BUILD_N)` value will increase, while the `$(MULLVAD_BROWSER_BUILD_N)` value may stay at `build1` (but the `$(MULLVAD_BROWSER_VERSION)` will increase) + - if we have build failures unrelated to `mullvad-browser`, the `$(MULLVAD_BROWSER_BUILD_N)` value will increase while the `$(BUILD_N)` will stay the same. 
+- `$(MULLVAD_BROWSER_VERSION)` : the published Mullvad Browser version + - **example** : `11.5a6`, `11.0.7` +- `$(MB_BUILD_TAG)` : the `tor-browser-build` build tag used to build a given Mullvad Browser version + - **example** : `mb-12.0.7-build1` +</details> + +**NOTE** It is assumed that the `tor-browser` alpha rebase and security backport tasks have been completed + +<details> + <summary>Building</summary> + +### tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build.git +Mullvad Browser Alpha (and Nightly) are on the `main` branch + +- [ ] Update `rbm.conf` + - [ ] `var/torbrowser_version` : update to next version + - [ ] `var/torbrowser_build` : update to `$(MULLVAD_BROWSER_BUILD_N)` + - [ ] `var/torbrowser_incremental_from` : update to previous Desktop version + - **IMPORTANT**: Really *actually* make sure this is the previous Desktop version or else the `make mullvadbrowser-incrementals-*` step will fail +- [ ] Update build configs + - [ ] Update `projects/firefox/config` + - [ ] `browser_build` : update to match `mullvad-browser` tag + - [ ] ***(Optional)*** `var/firefox_platform_version` : update to latest `$(ESR_VERSION)` if rebased + - [ ] Update `projects/translation/config`: + - [ ] run `make list_translation_updates-alpha` to get updated hashes + - [ ] `steps/base-browser/git_hash` : update with `HEAD` commit of project's `base-browser` branch + - [ ] `steps/base-browser-fluent/git_hash` : update with `HEAD` commit of project's `basebrowser-newidentityftl` branch +- [ ] Update common build configs + - [ ] Check for NoScript updates here : https://addons.mozilla.org/en-US/firefox/addon/noscript + - [ ] ***(Optional)*** If new version available, update `noscript` section of `input_files` in `projects/browser/config` + - [ ] `URL` + - [ ] `sha256sum` + - [ ] Check for uBlock-origin updates here : https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/ + - [ ] ***(Optional)*** If new version available, update 
`ublock-origin` section of `input_files` in `projects/browser/config` + - [ ] `URL` + - [ ] `sha256sum` + - [ ] Check for Mullvad Privacy Companion updates here : https://github.com/mullvad/browser-extension/releases + - [ ] ***(Optional)*** If new version available, update `mullvad-extension` section of `input_files` in `projects/browser/config` + - [ ] `URL` + - [ ] `sha256sum` +- [ ] Open MR with above changes +- [ ] Merge +- [ ] Sign/Tag commit: `make mullvadbrowser-signtag-alpha` +- [ ] Push tag to `origin` +- [ ] Begin build on `$(BUILD_SERVER)` (fix any issues in subsequent MRs) +- [ ] **TODO** Submit build-tag to Mullvad build infra +- [ ] Ensure builders have matching builds + +</details> + +<details> + <summary>QA</summary> + +### send the build + + - [ ] Email Mullvad QA: support@mullvad.net, rui@mullvad.net + <details> + <summary>email template</summary> + + Subject: + New build: Mullvad Browser $(MULLVAD_BROWSER_VERION) (unsigned) + + Body: + unsigned builds: https://tb-build-05.torproject.org/~$(BUILDER)/builds/mullvadbrowser/release...) + + changelog: + ... 
+ + </details> + + - ***(Optional)*** Add additional information: + - [ ] Note any new functionality which needs testing + - [ ] Link to any known issues + +</details> + +<details> + <summary>Signing</summary> + +### signing +- [ ] On `$(STAGING_SERVER)`, ensure updated: + - [ ] `tor-browser-build/tools/signing/set-config.hosts` + - `ssh_host_builder` : ssh hostname of machine with unsigned builds + - **NOTE** : `tor-browser-build` is expected to be in the `$HOME` directory) + - `ssh_host_linux_signer` : ssh hostname of linux signing machine + - `ssh_host_macos_signer` : ssh hostname of macOS signing machine + - [ ] `tor-browser-build/tools/signing/set-config.macos-notarization` + - `macos_notarization_user` : the email login for a mullvad notariser Apple Developer account + - [ ] `set-config.update-responses` + - `update_responses_repository_dir` : directory where you cloned `git@gitlab.torproject.org:tpo/applications/mullvad-browser-update-responses.git` + - [ ] `tor-browser-build/tools/signing/set-config.tbb-version` + - `tbb_version` : mullvad browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`) + - `tbb_version_build` : the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`) + - `tbb_version_type` : either `alpha` for alpha releases or `release` for stable releases +- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, run the macOS proxy script: + - `cd tor-browser-build/tools/signing/` + - `./macos-signer-proxy` +- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050 +- [ ] run do-all-signing script: + - `cd tor-browser-build/tools/signing/` + - `./do-all-signing.mullvadbrowser` +- **NOTE**: at this point the signed binaries should have been copied to `staticiforme` +- [ ] Update `staticiforme.torproject.org`: + - From `screen` session on `staticiforme.torproject.org`: 
+ - [ ] Static update components : `static-update-component dist.torproject.org` + - [ ] Remove old release data from `/srv/dist-master.torproject.org/htdocs/mullvadbrowser` + - [ ] Static update components (again) : `static-update-component dist.torproject.org` + +</details> + +<details> + <summary>Publishing</summary> + +### email + +- [ ] Email Mullvad with release information: support@mullvad.net, rui@mullvad.net + <details> + <summary>email template</summary> + + Subject: + New build: Mullvad Browser $(MULLVAD_BROWSER_VERION) (signed) + + Body: + signed builds: https://dist.torproject.org/mullvadbrowser/$(MULLVAD_BROWSER_VERSION) + + update_response hashes: $(MULLVAD_UPDATE_RESPONSES_HASH) + + changelog: + ... + + </details> + +### mullvad-browser (github): https://github.com/mullvad/mullvad-browser/ +- [ ] Push this release's associated `mullvad-browser.git` branch to github +- [ ] Push this release's associated tags to github: + - [ ] Firefox ESR tag + - **example** : `FIREFOX_102_12_0esr_BUILD1,` + - [ ] `base-browser` tag + - **example** : `base-browser-102.12.0esr-12.0-1-build1` + - [ ] `mullvad-browser` tag + - **example** : `mullvad-browser-102.12.0esr-12.0-1-build1` +- [ ] Sign+Tag additionally the `mullvad-browser.git` `firefox` commit used in build: + - **Tag**: `$(MULLVAD_BROWSER_VERSION)` + - **example** : `12.5a7` + - **Message**: `$(ESR_VERSION)esr-based $(MULLVAD_BROWSER_VERSION)` + - **example** : `102.12.0esr-based 12.5a7` + - [ ] Push tag to github + +</details> + +<details> + <summary>Downstream</summary> + +### notify packagers + +- [ ] **(Optional, Once Mullvad Updates their Github Releases Page)** Email downstream consumers: + <details> + <summary>email template</summary> + + ... + + ... 
+ + </details> + + - **NOTE**: This is an optional step and only necessary close a major release/transition from alpha to stable, or if there are major packing changes these developers need to be aware of + - [ ] flathub package maintainer: proletarius101@protonmail.com + - [ ] arch package maintainer: bootctl@gmail.com + - [ ] nixOS package maintainer: dev@felschr.com + +</details> + +/label ~"Release Prep"
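Review bot: Both email templates in the new Mullvad Browser Alpha file spell the subject-line variable `$(MULLVAD_BROWSER_VERION)`, while the bodies and the variable list use `$(MULLVAD_BROWSER_VERSION)`. Anyone filling the template by searching for the documented name will leave the subject unexpanded, so the spelling should be corrected in both the QA (unsigned) and Publishing (signed) templates. In the same file, `$(MULLVAD_BROWSER_VERSION)` is defined twice in "Explanation of variables" (once as "the Mullvad Browser version in the format", which trails off, and once as "the published Mullvad Browser version"); one entry would do. The signed-build email also uses `$(MULLVAD_UPDATE_RESPONSES_HASH)`, which the variable list never defines. Since that value is what the recipient compares against the update-responses repository, it is worth a definition stating which commit it refers to. The Firefox ESR tag example `FIREFOX_102_12_0esr_BUILD1,` carries a trailing comma inside the backticks.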
===================================== .gitlab/issue_templates/Release Prep - Mullvad Browser Stable.md ===================================== @@ -2,32 +2,36 @@ <summary>Explanation of variables</summary>
- `$(BUILD_SERVER)` : the server the main builder is using to build a mullvad-browser release +- `$(BUILDER)` : whomever is building the release on the $(BUILD_SERVER) + - **example** : `pierov` - `$(STAGING_SERVER)` : the server the signer is using to to run the signing process - `$(ESR_VERSION)` : the Mozilla defined ESR version, used in various places for building mullvad-browser tags, labels, etc - - example : `91.6.0` + - **example** : `91.6.0` - `$(MULLVAD_BROWSER_MAJOR)` : the Mullvad Browser major version - - example : `11` + - **example** : `11` - `$(MULLVAD_BROWSER_MINOR)` : the Mullvad Browser minor version - - example : either `0` or `5`; Alpha's is always `(Stable + 5) % 10` + - **example** : either `0` or `5`; Alpha's is always `(Stable + 5) % 10` - `$(MULLVAD_BROWSER_VERSION)` : the Mullvad Browser version in the format - - example: `12.5a3`, `12.0.3` + - **example** : `12.5a3`, `12.0.3` - `$(BUILD_N)` : a project's build revision within a its branch; this is separate from the `$(MULLVAD_BROWSER_BUILD_N)` value; many of the Firefox-related projects have a `$(BUILD_N)` suffix and may differ between projects even when they contribute to the same build. - - example : `build1` + - **example** : `build1` - `$(MULLVAD_BROWSER_BUILD_N)` : the mullvad-browser build revision for a given Mullvad Browser release; used in tagging git commits - - example : `build2` - - **NOTE** : A project's `$(BUILD_N)` and `$(MULLVAD_BROWSER_BUILD_N)` may be the same, but it is possible for them to diverge. For example : - - if we have multiple Mullvad Browser releases on a given ESR branch the two will become out of sync as the `$(BUILD_N)` value will increase, while the `$(MULLVAD_BROWSER_BUILD_N)` value may stay at `build1` (but the `$(MULLVAD_BROWSER_VERSION)` will increase) - - if we have build failures unrelated to `mullvad-browser`, the `$(MULLVAD_BROWSER_BUILD_N)` value will increase while the `$(BUILD_N)` will stay the same. 
+ - **example** : `build2` + - **NOTE** : A project's `$(BUILD_N)` and `$(MULLVAD_BROWSER_BUILD_N)` may be the same, but it is possible for them to diverge. For **example** : + - if we have multiple Mullvad Browser releases on a given ESR branch the two will become out of sync as the `$(BUILD_N)` value will increase, while the `$(MULLVAD_BROWSER_BUILD_N)` value may stay at `build1` (but the `$(MULLVAD_BROWSER_VERSION)` will increase) + - if we have build failures unrelated to `mullvad-browser`, the `$(MULLVAD_BROWSER_BUILD_N)` value will increase while the `$(BUILD_N)` will stay the same. - `$(MULLVAD_BROWSER_VERSION)` : the published Mullvad Browser version - - example : `11.5a6`, `11.0.7` + - **example** : `11.5a6`, `11.0.7` +- `$(MB_BUILD_TAG)` : the `tor-browser-build` build tag used to build a given Mullvad Browser version + - **example** : `mb-12.0.7-build1` </details>
-**NOTE** It is assumed that the `tor-browser` rebase and security backport tasks have been completed +**NOTE** It is assumed that the `tor-browser` stable rebase and security backport tasks have been completed
<details> - <summary>Build Configs</summary> + <summary>Building</summary>
-### tor-browser-build: https://gitlab.mullvadproject.org/tpo/applications/tor-browser-build.git +### tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build.git Mullvad Browser Stable lives in the various `maint-$(MULLVAD_BROWSER_MAJOR).$(MULLVAD_BROWSER_MINOR)` (and possibly more specific) branches
- [ ] Update `rbm.conf` @@ -57,30 +61,55 @@ Mullvad Browser Stable lives in the various `maint-$(MULLVAD_BROWSER_MAJOR).$(MU - [ ] `URL` - [ ] `sha256sum` - [ ] Open MR with above changes -- [ ] Begin build on `$(BUILD_SERVER)` (and fix any issues which come up and update MR) - [ ] Merge - [ ] Sign/Tag commit: `make mullvadbrowser-signtag-release` - [ ] Push tag to `origin` +- [ ] Begin build on `$(BUILD_SERVER)` (fix any issues in subsequent MRs) +- [ ] **TODO** Submit build-tag to Mullvad build infra +- [ ] Ensure builders have matching builds + +</details> + +<details> + <summary>QA</summary> + +### send the build + + - [ ] Email Mullvad QA: support@mullvad.net, rui@mullvad.net + <details> + <summary>email template</summary> + + Subject: + New build: Mullvad Browser $(MULLVAD_BROWSER_VERION) (unsigned) + + Body: + unsigned builds: https://tb-build-05.torproject.org/~$(BUILDER)/builds/mullvadbrowser/release...) + + changelog: + ... + + </details> + + - ***(Optional)*** Add additional information: + - [ ] Note any new functionality which needs testing + - [ ] Link to any known issues
</details>
<details> <summary>Signing</summary>
-### signing + publishing -- [ ] Ensure builders have matching builds +### signing - [ ] On `$(STAGING_SERVER)`, ensure updated: - - [ ] `tor-browser-build/tools/signing/set-config` - - `NSS_DB_DIR` : location of the `nssdb7` direcmullvady - [ ] `tor-browser-build/tools/signing/set-config.hosts` - `ssh_host_builder` : ssh hostname of machine with unsigned builds - - **NOTE** : `tor-browser-build` is expected to be in the `$HOME` direcmullvady) + - **NOTE** : `tor-browser-build` is expected to be in the `$HOME` directory) - `ssh_host_linux_signer` : ssh hostname of linux signing machine - `ssh_host_macos_signer` : ssh hostname of macOS signing machine - [ ] `tor-browser-build/tools/signing/set-config.macos-notarization` - `macos_notarization_user` : the email login for a mullvad notariser Apple Developer account - [ ] `set-config.update-responses` - - `update_responses_reposimullvady_dir` : direcmullvady where you cloned `git@gitlab.mullvadproject.org:tpo/applications/mullvad-browser-update-responses.git` + - `update_responses_repository_dir` : directory where you cloned `git@gitlab.torproject.org:tpo/applications/mullvad-browser-update-responses.git` - [ ] `tor-browser-build/tools/signing/set-config.tbb-version` - `tbb_version` : mullvad browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`) - `tbb_version_build` : the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`) 
@@ -91,7 +120,7 @@ Mullvad Browser Stable lives in the various `maint-$(MULLVAD_BROWSER_MAJOR).$(MU - [ ] On `$(STAGING_SERVER)` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050 - [ ] run do-all-signing script: - `cd tor-browser-build/tools/signing/` - - `./do-all-signing.sh` + - `./do-all-signing.mullvadbrowser` - **NOTE**: at this point the signed binaries should have been copied to `staticiforme` - [ ] Update `staticiforme.torproject.org`: - From `screen` session on `staticiforme.torproject.org`: @@ -101,19 +130,64 @@ Mullvad Browser Stable lives in the various `maint-$(MULLVAD_BROWSER_MAJOR).$(MU
</details>
+<details> + <summary>Publishing</summary> + +### email + +- [ ] Email Mullvad with release information: support@mullvad.net, rui@mullvad.net + <details> + <summary>email template</summary> + + Subject: + New build: Mullvad Browser $(MULLVAD_BROWSER_VERION) (signed) + + Body: + signed builds: https://dist.torproject.org/mullvadbrowser/$(MULLVAD_BROWSER_VERSION) + + update_response hashes: $(MULLVAD_UPDATE_RESPONSES_HASH) + + changelog: + ... + + </details> + +### mullvad-browser (github): https://github.com/mullvad/mullvad-browser/ +- [ ] Push this release's associated `mullvad-browser.git` branch to github +- [ ] Push this release's associated tags to github: + - [ ] Firefox ESR tag + - **example** : `FIREFOX_102_12_0esr_BUILD1,` + - [ ] `base-browser` tag + - **example** : `base-browser-102.12.0esr-12.0-1-build1` + - [ ] `mullvad-browser` tag + - **example** : `mullvad-browser-102.12.0esr-12.0-1-build1` +- [ ] Sign+Tag additionally the `mullvad-browser.git` `firefox` commit used in build: + - **Tag**: `$(MULLVAD_BROWSER_VERSION)` + - **example** : `12.0.7` + - **Message**: `$(ESR_VERSION)esr-based $(MULLVAD_BROWSER_VERSION)` + - **example** : `102.12.0esr-based 12.0.7` + - [ ] Push tag to github + +</details> + <details> <summary>Downstream</summary>
-### notify stakeholders +### notify packagers + +- [ ] **(Once Mullvad Updates their Github Releases Page)** Email downstream consumers: + <details> + <summary>email template</summary> + + ... + + ... + + </details>
-- [ ] Email Mullvad with release information: rui@mullvad.net - - [ ] Build artifact download list - - [ ] New `mullvad-browser` project branch and tags - - [ ] mullvad-browser-update-responses git hash - - [ ] changelog -- [ ] Email downstream consumers: - [ ] flathub package maintainer: proletarius101@protonmail.com - [ ] arch package maintainer: bootctl@gmail.com + - [ ] nixOS package maintainer: dev@felschr.com
### merge requests
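Review bot: In the Building checklist of the Mullvad Browser Stable template, "Begin build on `$(BUILD_SERVER)`" now comes after "Sign/Tag commit" and "Push tag to `origin`", with the wording "(fix any issues in subsequent MRs)". A signed, pushed tag can therefore point at a commit that does not build, and the checklist does not say what happens to that tag. Suggest stating explicitly that a fix landed after tagging requires bumping `var/torbrowser_build` and signing a new `$(MB_BUILD_TAG)`, so that the tag handed to QA, the signers and "Mullvad build infra" is always the one the matching builds were produced from. The Signing section also drops the `set-config` / `NSS_DB_DIR` item without a replacement; if that file is no longer read by `do-all-signing.mullvadbrowser`, a word in the commit message would help the next signer. The `$(MULLVAD_BROWSER_VERION)` misspelling appears in both added email subjects here as well. The Downstream step is marked "(Once Mullvad Updates their Github Releases Page)" here but "(Optional, Once ...)" in the Alpha template, and the nixOS maintainer line is indented one space deeper than its siblings.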
===================================== .gitlab/issue_templates/Release Prep - Tor Browser Alpha.md ===================================== @@ -2,28 +2,34 @@ <summary>Explanation of variables</summary>
- `$(BUILD_SERVER)` : the server the main builder is using to build a tor-browser release +- `$(BUILDER)` : whomever is building the release on the $(BUILD_SERVER) + - **example** : `pierov` - `$(STAGING_SERVER)` : the server the signer is using to to run the signing process - `$(ESR_VERSION)` : the Mozilla defined ESR version, used in various places for building tor-browser tags, labels, etc - - example : `91.6.0` + - **example** : `91.6.0` - `$(TOR_BROWSER_MAJOR)` : the Tor Browser major version - - example : `11` + - **example** : `11` - `$(TOR_BROWSER_MINOR)` : the Tor Browser minor version - - example : either `0` or `5`; Alpha's is always `(Stable + 5) % 10` + - **example** : either `0` or `5`; Alpha's is always `(Stable + 5) % 10` +- `$(TOR_BROWSER_VERSION)` : the Tor Browser version in the format + - **example** : `12.5a3`, `12.0.3` - `$(BUILD_N)` : a project's build revision within a its branch; this is separate from the `$(TOR_BROWSER_BUILD_N)` value; many of the Firefox-related projects have a `$(BUILD_N)` suffix and may differ between projects even when they contribute to the same build. - - example : `build1` + - **example** : `build1` - `$(TOR_BROWSER_BUILD_N)` : the tor-browser build revision for a given Tor Browser release; used in tagging git commits - - example : `build2` - - **NOTE** : A project's `$(BUILD_N)` and `$(TOR_BROWSER_BUILD_N)` may be the same, but it is possible for them to diverge. For example : - - if we have multiple Tor Browser releases on a given ESR branch the two will become out of sync as the `$(BUILD_N)` value will increase, while the `$(TOR_BROWSER_BUILD_N)` value may stay at `build1` (but the `$(TOR_BROWSER_VERSION)` will increase) - - if we have build failures unrelated to `tor-browser`, the `$(TOR_BROWSER_BUILD_N)` value will increase while the `$(BUILD_N)` will stay the same. 
+ - **example** : `build2` + - **NOTE** : A project's `$(BUILD_N)` and `$(TOR_BROWSER_BUILD_N)` may be the same, but it is possible for them to diverge. For example : + - if we have multiple Tor Browser releases on a given ESR branch the two will become out of sync as the `$(BUILD_N)` value will increase, while the `$(TOR_BROWSER_BUILD_N)` value may stay at `build1` (but the `$(TOR_BROWSER_VERSION)` will increase) + - if we have build failures unrelated to `tor-browser`, the `$(TOR_BROWSER_BUILD_N)` value will increase while the `$(BUILD_N)` will stay the same. - `$(TOR_BROWSER_VERSION)` : the published Tor Browser version - - example : `11.5a6`, `11.0.7` + - **example** : `11.5a6`, `11.0.7` +- `$(TBB_BUILD_TAG)` : the `tor-browser-build` build tag used to build a given Tor Browser version + - **example** : `tbb-12.5a7-build1` </details>
-**NOTE** It is assumed that the `tor-browser` rebase and security backport tasks have been completed +**NOTE** It is assumed that the `tor-browser` stable rebase and security backport tasks have been completed
<details> - <summary>Build Updates</summary> + <summary>Building</summary>
### tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build.git Tor Browser Alpha (and Nightly) are on the `main` branch @@ -44,7 +50,7 @@ Tor Browser Alpha (and Nightly) are on the `main` branch - [ ] `steps/tor-browser/git_hash` : update with `HEAD` commit of project's `tor-browser` branch - [ ] `steps/fenix/git_hash` : update with `HEAD` commit of project's `fenix-torbrowserstringsxml` branch - [ ] Update Android-specific build configs - - [ ] ***(Optional)*** Update `projects/geckoview/config` + - [ ] Update `projects/geckoview/config` - [ ] `browser_build` : update to match `tor-browser` tag - [ ] ***(Optional)*** `var/geckoview_version` : update to latest `$(ESR_VERSION)` if rebased - [ ] ***(Optional)*** Update `projects/tor-android-service/config` @@ -56,7 +62,6 @@ Tor Browser Alpha (and Nightly) are on the `main` branch - [ ] `android_components_build` : update to match alpha android-components tag - [ ] ***(Optional)*** Update `projects/fenix/config` - [ ] `fenix_build` : update to match fenix tag - - [ ] ***(Optional)*** `var/fenix_version` : update to latest `$(ESR_VERSION)` if rebased - [ ] Update allowed_addons.json by running (from `tor-browser-build` root): - `./tools/fetch_allowed_addons.py > projects/browser/allowed_addons.json` - [ ] Update common build configs 
@@ -79,14 +84,13 @@ Tor Browser Alpha (and Nightly) are on the `main` branch - [ ] ***(Optional)*** Update `projects/go/config` - [ ] `version` : update go version - [ ] `input_files/sha256sum` for `go` : update sha256sum of archive (sha256 sums are displayed on the go download page) - - [ ] Update the manual : https://gitlab.torproject.org/tpo/web/manual/-/jobs/ - - [ ] Download the `artifacts.zip` file from latest build stage row (download icon button on the right) - - [ ] Rename it to `manual_$PIPELINEID.zip` - - [ ] Upload it to people.tpo - - [ ] Update `projects/manual/config` - - [ ] Change the version to `$PIPELINEID` - - [ ] Update the hash in the input_files section - - [ ] Update the URL if you have uploaded to a different people.tpo home + - [ ] Check for manual updates by running (from `tor-browser-build` root): `./tools/fetch-manual.py` + - [ ] ***(Optional)*** If new version is available: + - [ ] Upload the downloaded `manual_$PIPELINEID.zip` file to people.tpo + - [ ] Update `projects/manual/config`: + - [ ] Change the `version` to `$PIPELINEID` + - [ ] Update `sha256sum` in the `input_files` section + - [ ] ***(Optional)*** Update the URL if you have uploaded to a different people.tpo home - [ ] Update `ChangeLog.txt` - [ ] Ensure ChangeLog.txt is sync'd between alpha and stable branches - [ ] Check the linked issues: ask people to check if any are missing, remove the not fixed ones 
@@ -94,19 +98,26 @@ Tor Browser Alpha (and Nightly) are on the `main` branch - Make sure you have `requests` installed (e.g., `apt install python3-requests`) - The first time you run this script you will need to generate an access token; the script will guide you - [ ] Copy the output of the script to the beginning of `ChangeLog.txt` and adjust its output - - If you used the issue number, you will need to write the Tor Browser version manually - - [ ] Include any version updates for: - - [ ] translations - - [ ] OpenSSL - - [ ] NoScript + - **NOTE** : If you used the issue number, you will need to write the Tor Browser version manually + - [ ] ***(Optional)*** Under `All Platforms` include any version updates for: + - [ ] Translations + - [ ]OpenSSL + - [ ]NoScript + - [ ]zlib + - [ ] tor daemon + - [ ] ***(Optional)*** Under `Windows + macOS + Linux` include updates for: + - [ ] Firefox + - [ ] ***(Optional)*** Under `Android`, include updates for: + - [ ] Geckoview + - [ ] ***(Optional)*** Under `Build System/All Platforms` include updates for: - [ ] Go - - [ ] zlib - - [ ] Include any ESR rebase for Firefox and GeckoView - [ ] Open MR with above changes -- [ ] Begin build on `$(BUILD_SERVER)` (fix any issues which come up and update MR) - [ ] Merge - [ ] Sign/Tag commit: `make torbrowser-signtag-alpha` - [ ] Push tag to `origin` +- [ ] Begin build on `$(BUILD_SERVER)` (fix any issues in subsequent MRs) +- [ ] **TODO** Submit build-tag to Mullvad build infra +- [ ] Ensure builders have matching builds
</details>
@@ -118,6 +129,10 @@ Tor Browser Alpha (and Nightly) are on the `main` branch <details> <summary>email template</summary>
+ Subject: + Tor Browser $(TOR_BROWSER_VERION) (Android, Windows, macOS, Linux) + + Body: Hello All,
Unsigned Tor Browser $(TOR_BROWSER_VERSION) alpha candidate builds are now available for testing: @@ -126,15 +141,15 @@ Tor Browser Alpha (and Nightly) are on the `main` branch
The full changelog can be found here:
- - https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/raw/main/... + - https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/blob/$(TB...
</details>
- [ ] Email tor-qa mailing list: tor-qa@lists.torproject.org - - Additional information: + - ***(Optional)*** Additional information: - [ ] Note any new functionality which needs testing - [ ] Link to any known issues -- [ ] ***(Optional, only around build/packaging changes)*** Email downstream consumers: +- [ ] ***(Optional, only around build/packaging changes)*** Email packagers: - Recipients: - Tails dev mailing list: tails-dev@boum.org - Guardian Project: nathan@guardianproject.info @@ -142,7 +157,7 @@ Tor Browser Alpha (and Nightly) are on the `main` branch - FreeBSD port: freebsd@sysctl.cz <!-- Gitlab user maxfx --> - OpenBSD port: caspar@schutijser.com <!-- Gitlab user cschutijser --> - [ ] Note any changes which may affect packaging/downstream integration -- [ ] Email upstream stakeholders: +- [ ] Email external partners: - ***(Optional, after ESR migration)*** Cloudflare: ask-research@cloudflare.com - **NOTE** : We need to provide them with updated user agent string so they can update their internal machinery to prevent Tor Browser users from getting so many CAPTCHAs
@@ -151,11 +166,9 @@ Tor Browser Alpha (and Nightly) are on the `main` branch <details> <summary>Signing</summary>
-### signing + publishing -- [ ] Ensure builders have matching builds +### signing +- **NOTE** : In practice, it's most efficient to have the blog post and website updates ready to merge, since signing doesn't take very long - [ ] On `$(STAGING_SERVER)`, ensure updated: - - [ ] `tor-browser-build/tools/signing/set-config` - - `NSS_DB_DIR` : location of the `nssdb7` directory - [ ] `tor-browser-build/tools/signing/set-config.hosts` - `ssh_host_builder` : ssh hostname of machine with unsigned builds - **NOTE** : `tor-browser-build` is expected to be in the `$HOME` directory) @@ -182,7 +195,7 @@ Tor Browser Alpha (and Nightly) are on the `main` branch - [ ] Static update components : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org` - [ ] Enable update responses : `sudo -u tb-release ./deploy_update_responses-alpha.sh` - [ ] Remove old release data from following places: - - **NOTE** : Skip this step if the current release is Android or Desktop *only* + - **NOTE** : Skip this step if we need to hold on to older versions for some reason (for example, this is an Andoid or Desktop-only release, or if we need to hold back installers in favor of build-to-build updates if there are signing issues, etc) - [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser` - [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser` - [ ] Static update components (again) : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org` @@ -236,7 +249,24 @@ Tor Browser Alpha (and Nightly) are on the `main` branch - [ ] Publish after CI passes and website has been updated
### tor-announce mailing list -- [ ] Send an email to tor-announce@lists.torproject.org, using the same content as the blog post and subject "Tor Browser $version is released". + <details> + <summary>email template</summary> + + Subject: + New Release: Tor Browser $(TOR_BROWSER_VERSION) (Android, Windows, macOS, Linux) + + Body: + Hi everyone, + + Tor Browser $(TOR_BROWSER_VERSION) has now been published for all platforms. For details please see our blog post: + + - $(BLOG_POST_URL) + + </details> + +- [ ] Email tor-announce mailing list: tor-announce@lists.torproject.org + - **(Optional)** Additional information: + - [ ] Link to any known issues
</details>
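Review bot: The changed NOTE in the Tor Browser Alpha template now reads "the `tor-browser` stable rebase and security backport tasks have been completed", whereas the new Mullvad Browser Alpha template says "alpha rebase". This looks like a copy from the Stable template and should probably say "alpha". In the ChangeLog hunk, the added items `- [ ]OpenSSL`, `- [ ]NoScript` and `- [ ]zlib` have no space after the checkbox, so they will not render as task-list items; write them as `- [ ] OpenSSL` and so on. The Building checklist gains "**TODO** Submit build-tag to Mullvad build infra", which reads as carried over from the Mullvad templates; confirm it applies to Tor Browser releases or drop it. Smaller points: the added QA subject uses `$(TOR_BROWSER_VERION)`; "Andoid" in the reworded "Remove old release data" NOTE; and the tor-announce block uses `**(Optional)**` where the rest of the file uses `***(Optional)***`.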
===================================== .gitlab/issue_templates/Release Prep - Tor Browser Stable.md ===================================== @@ -2,33 +2,34 @@ <summary>Explanation of variables</summary>
- `$(BUILD_SERVER)` : the server the main builder is using to build a tor-browser release +- `$(BUILDER)` : whomever is building the release on the $(BUILD_SERVER) + - **example** : `pierov` - `$(STAGING_SERVER)` : the server the signer is using to to run the signing process - `$(ESR_VERSION)` : the Mozilla defined ESR version, used in various places for building tor-browser tags, labels, etc - - example : `91.6.0` -- `$(ESR_TAG)` : the Mozilla defined hg (Mercurial) tag associated with `$(ESR_VERSION)` - - exmaple : `FIREFOX_91_7_0esr_BUILD2` -- `$(ESR_TAG_PREV)` : the Mozilla defined hg (Mercurial) tag associated with the previous ESR version when rebasing (ie, the ESR version we are rebasing from) + - **example** : `91.6.0` - `$(TOR_BROWSER_MAJOR)` : the Tor Browser major version - - example : `11` + - **example** : `11` - `$(TOR_BROWSER_MINOR)` : the Tor Browser minor version - - example : either `0` or `5`; Alpha's is always `(Stable + 5) % 10` + - **example** : either `0` or `5`; Alpha's is always `(Stable + 5) % 10` - `$(TOR_BROWSER_VERSION)` : the Tor Browser version in the format - - example: `12.5a3`, `12.0.3` + - **example** : `12.5a3`, `12.0.3` - `$(BUILD_N)` : a project's build revision within a its branch; this is separate from the `$(TOR_BROWSER_BUILD_N)` value; many of the Firefox-related projects have a `$(BUILD_N)` suffix and may differ between projects even when they contribute to the same build. - - example : `build1` + - **example** : `build1` - `$(TOR_BROWSER_BUILD_N)` : the tor-browser build revision for a given Tor Browser release; used in tagging git commits - - example : `build2` - - **NOTE** : A project's `$(BUILD_N)` and `$(TOR_BROWSER_BUILD_N)` may be the same, but it is possible for them to diverge. 
For example : - - if we have multiple Tor Browser releases on a given ESR branch the two will become out of sync as the `$(BUILD_N)` value will increase, while the `$(TOR_BROWSER_BUILD_N)` value may stay at `build1` (but the `$(TOR_BROWSER_VERSION)` will increase) - - if we have build failures unrelated to `tor-browser`, the `$(TOR_BROWSER_BUILD_N)` value will increase while the `$(BUILD_N)` will stay the same. + - **example** : `build2` + - **NOTE** : A project's `$(BUILD_N)` and `$(TOR_BROWSER_BUILD_N)` may be the same, but it is possible for them to diverge. For example : + - if we have multiple Tor Browser releases on a given ESR branch the two will become out of sync as the `$(BUILD_N)` value will increase, while the `$(TOR_BROWSER_BUILD_N)` value may stay at `build1` (but the `$(TOR_BROWSER_VERSION)` will increase) + - if we have build failures unrelated to `tor-browser`, the `$(TOR_BROWSER_BUILD_N)` value will increase while the `$(BUILD_N)` will stay the same. - `$(TOR_BROWSER_VERSION)` : the published Tor Browser version - - example : `11.5a6`, `11.0.7` + - **example** : `11.5a6`, `11.0.7` +- `$(TBB_BUILD_TAG)` : the `tor-browser-build` build tag used to build a given Tor Browser version + - **example** : `tbb-12.0.7-build1` </details>
-**NOTE** It is assumed that the `tor-browser` rebase and security backport tasks have been completed +**NOTE** It is assumed that the `tor-browser` stable rebase and security backport tasks have been completed
<details> - <summary>Build Configs</summary> + <summary>Building</summary>
### tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build.git Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)` (and possibly more specific) branches @@ -37,7 +38,7 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE - [ ] `var/torbrowser_version` : update to next version - [ ] `var/torbrowser_build` : update to `$(TOR_BROWSER_BUILD_N)` - [ ] ***(Desktop Only)***`var/torbrowser_incremental_from` : update to previous Desktop version - - **IMPORTANT**: Really *actually* make sure this is the previous Desktop version or else the `make incrementals-*` step will fail + - **IMPORTANT**: Really *actually* make sure this is the previous Desktop version or else the `make torbrowser-incrementals-*` step will fail - [ ] Update Desktop-specific build configs - [ ] Update `projects/firefox/config` - [ ] `browser_build` : update to match `tor-browser` tag @@ -49,7 +50,7 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE - [ ] `steps/tor-browser/git_hash` : update with `HEAD` commit of project's `tor-browser` branch - [ ] `steps/fenix/git_hash` : update with `HEAD` commit of project's `fenix-torbrowserstringsxml` branch - [ ] Update Android-specific build configs - - [ ] ***(Optional)*** Update `projects/geckoview/config` + - [ ] Update `projects/geckoview/config` - [ ] `browser_build` : update to match `tor-browser` tag - [ ] ***(Optional)*** `var/geckoview_version` : update to latest `$(ESR_VERSION)` if rebased - [ ] ***(Optional)*** Update `projects/tor-android-service/config` 
@@ -58,10 +59,9 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE **NOTE** we don't currently have any of our own patches for this project - [ ] `git_hash` : update to appropriate git commit associated with `$(ESR_VERSION)` - [ ] ***(Optional)*** Update `projects/android-components/config`: - - [ ] `android_components_build` : update to match android-components tag + - [ ] `android_components_build` : update to match stable android-components tag - [ ] ***(Optional)*** Update `projects/fenix/config` - [ ] `fenix_build` : update to match fenix tag - - [ ] ***(Optional)*** `var/fenix_version` : update to latest `$(ESR_VERSION)` if rebased - [ ] Update allowed_addons.json by running (from `tor-browser-build` root): - `./tools/fetch_allowed_addons.py > projects/browser/allowed_addons.json` - [ ] Update common build configs 
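Review bot: The `android_components_build` step now says "update to match stable android-components tag", but the `fenix_build` step two lines below still reads "update to match fenix tag". If the point of the change is to keep releasers from picking an alpha tag on the stable branch, the fenix line needs the same qualifier. Otherwise, please note why only android-components has separate stable tags.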
@@ -84,14 +84,13 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE - [ ] ***(Optional)*** Update `projects/go/config` - [ ] `version` : update go version - [ ] `input_files/sha256sum` for `go` : update sha256sum of archive (sha256 sums are displayed on the go download page) - - [ ] Update the manual : https://gitlab.torproject.org/tpo/web/manual/-/jobs/ - - [ ] Download the `artifacts.zip` file from latest build stage row (download icon button on the right) - - [ ] Rename it to `manual_$PIPELINEID.zip` - - [ ] Upload it to people.tpo - - [ ] Update `projects/manual/config` - - [ ] Change the version to `$PIPELINEID` - - [ ] Update the hash in the input_files section - - [ ] Update the URL if you have uploaded to a different people.tpo home + - [ ] Check for manual updates by running (from `tor-browser-build` root): `./tools/fetch-manual.py` + - [ ] ***(Optional)*** If new version is available: + - [ ] Upload the downloaded `manual_$PIPELINEID.zip` file to people.tpo + - [ ] Update `projects/manual/config`: + - [ ] Change the `version` to `$PIPELINEID` + - [ ] Update `sha256sum` in the `input_files` section + - [ ] ***(Optional)*** Update the URL if you have uploaded to a different people.tpo home - [ ] Update `ChangeLog.txt` - [ ] Ensure ChangeLog.txt is sync'd between alpha and stable branches - [ ] Check the linked issues: ask people to check if any are missing, remove the not fixed ones 
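Review bot: The rewritten manual steps no longer say where `$PIPELINEID` and the new `sha256sum` come from now that the download is done by `./tools/fetch-manual.py`. Please state whether the script prints both, or whether the releaser is expected to hash the downloaded `manual_$PIPELINEID.zip` locally before uploading it to people.tpo, so the value written into `projects/manual/config` is for the file that was actually fetched. `$PIPELINEID` is also not listed under "Explanation of variables" and does not follow the `$(NAME)` form used for the other variables.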
@@ -99,19 +98,26 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE - Make sure you have `requests` installed (e.g., `apt install python3-requests`) - The first time you run this script you will need to generate an access token; the script will guide you - [ ] Copy the output of the script to the beginning of `ChangeLog.txt` and adjust its output - - If you used the issue number, you will need to write the Tor Browser version manually - - [ ] Include any version updates for: - - [ ] translations - - [ ] OpenSSL - - [ ] NoScript + - **NOTE** : If you used the issue number, you will need to write the Tor Browser version manually + - [ ] ***(Optional)*** Under `All Platforms` include any version updates for: + - [ ] Translations + - [ ]OpenSSL + - [ ]NoScript + - [ ]zlib + - [ ] tor daemon + - [ ] ***(Optional)*** Under `Windows + macOS + Linux` include updates for: + - [ ] Firefox + - [ ] ***(Optional)*** Under `Android`, include updates for: + - [ ] Geckoview + - [ ] ***(Optional)*** Under `Build System/All Platforms` include updates for: - [ ] Go - - [ ] zlib - - [ ] Include any ESR rebase for Firefox and GeckoView - [ ] Open MR with above changes -- [ ] Begin build on `$(BUILD_SERVER)` (and fix any issues which come up and update MR) - [ ] Merge - [ ] Sign/Tag commit: `make torbrowser-signtag-release` - [ ] Push tag to `origin` +- [ ] Begin build on `$(BUILD_SERVER)` (fix any issues in subsequent MRs) +- [ ] **TODO** Submit build-tag to Mullvad build infra +- [ ] Ensure builders have matching builds
</details>
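Review bot: Three of the new checklist items under `All Platforms` are missing the space after the checkbox (`- [ ]OpenSSL`, `- [ ]NoScript`, `- [ ]zlib`), so GitLab will render them as literal text rather than task items; they should match `- [ ] Translations` and `- [ ] tor daemon`. Separately, `**TODO** Submit build-tag to Mullvad build infra` lands in the Tor Browser Stable template as an unresolved TODO. Either describe the step or drop it until the process exists.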
@@ -123,6 +129,10 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE <details> <summary>email template</summary>
+ Subject: + Tor Browser $(TOR_BROWSER_VERION) (Android, Windows, macOS, Linux) + + Body: Hello All,
Unsigned Tor Browser $(TOR_BROWSER_VERSION) release candidate builds are now available for testing: @@ -131,36 +141,31 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE
The full changelog can be found here:
- - https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/raw/maint... + - https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/blob/$(TB...
</details>
- [ ] Email tor-qa mailing list: tor-qa@lists.torproject.org - - Additional information: + - ***(Optional)*** Additional information: - [ ] Note any new functionality which needs testing - [ ] Link to any known issues -- [ ] Email downstream consumers: +- [ ] Email packagers: - Recipients: - Tails dev mailing list: tails-dev@boum.org - Guardian Project: nathan@guardianproject.info - torbrowser-launcher: micah@micahflee.com - FreeBSD port: freebsd@sysctl.cz <!-- Gitlab user maxfx --> - OpenBSD port: caspar@schutijser.com <!-- Gitlab user cschutijser --> - - [ ] Note any changes which may affect packaging/downstream integration -- [ ] Email upstream stakeholders: - - ***(Optional, after ESR migration)*** Cloudflare: ask-research@cloudflare.com - - **NOTE** : We need to provide them with updated user agent string so they can update their internal machinery to prevent Tor Browser users from getting so many CAPTCHAs + - [ ] ***(Optional)*** Note any changes which may affect packaging/downstream integration
</details>
<details> <summary>Signing</summary>
-### signing + publishing -- [ ] Ensure builders have matching builds +### signing +- **NOTE** : In practice, it's most efficient to have the blog post and website updates ready to merge, since signing doesn't take very long - [ ] On `$(STAGING_SERVER)`, ensure updated: - - [ ] `tor-browser-build/tools/signing/set-config` - - `NSS_DB_DIR` : location of the `nssdb7` directory - [ ] `tor-browser-build/tools/signing/set-config.hosts` - `ssh_host_builder` : ssh hostname of machine with unsigned builds - **NOTE** : `tor-browser-build` is expected to be in the `$HOME` directory) @@ -180,14 +185,14 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE - [ ] On `$(STAGING_SERVER)` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050 - [ ] run do-all-signing script: - `cd tor-browser-build/tools/signing/` - - `./do-all-signing.sh` + - `./do-all-signing.torbrowser` - **NOTE**: at this point the signed binaries should have been copied to `staticiforme` - [ ] Update `staticiforme.torproject.org`: - From `screen` session on `staticiforme.torproject.org`: - [ ] Static update components : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org` - [ ] Enable update responses : `sudo -u tb-release ./deploy_update_responses-release.sh` - [ ] Remove old release data from following places: - - **NOTE** : Skip this step if the current release is Android or Desktop *only* + - **NOTE** : Skip this step if we need to hold on to older versions for some reason (for example, this is an Andoid or Desktop-only release, or if we need to hold back installers in favor of build-to-build updates if there are signing issues, etc) - [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser` - [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser` - [ ] Static update components (again) : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org` 
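Review bot: Typo in the rewritten NOTE under "Remove old release data": "Andoid" should be "Android". The sentence also nests "for example ... or if ... etc" inside one long parenthetical; splitting the reasons for keeping older versions into sub-bullets would make this step easier to follow during a release.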
@@ -241,7 +246,24 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE - [ ] Publish after CI passes and website has been updated
### tor-announce mailing list -- [ ] Send an email to tor-announce@lists.torproject.org, using the same content as the blog post and subject "Tor Browser $version is released". + <details> + <summary>email template</summary> + + Subject: + New Release: Tor Browser $(TOR_BROWSER_VERSION) (Android, Windows, macOS, Linux) + + Body: + Hi everyone, + + Tor Browser $(TOR_BROWSER_VERSION) has now been published for all platforms. For details please see our blog post: + + - $(BLOG_POST_URL) + + </details> + +- [ ] Email tor-announce mailing list: tor-announce@lists.torproject.org + - **(Optional)** Additional information: + - [ ] Link to any known issues
</details>
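Review bot: The new `- **(Optional)** Additional information:` line in the tor-announce section uses two asterisks, while every other optional marker in this template is `***(Optional)***`. Please make it consistent; the same line appears in the tor-announce section added to the Alpha template.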
===================================== .gitlab/merge_request_templates/default.md ===================================== @@ -2,20 +2,52 @@
<!-- Bookkeeping information for release management -->
-- ### Related Issues - - tor-browser#xxxxx - - tor-browser-build#xxxxx - - etc +### Related Issues +- tor-browser#xxxxx +- mullvad-browser#xxxxx +- tor-browser-build#xxxxx
-- ### Backport Timeline - - [ ] **Immediate** - patchsets for critical bug fixes or other major blocker (e.g. fixes for a 0-day exploit) OR patchsets with trivial changes which do not need testing (e.g. fixes for typos or fixes easily verified in a local developer build) - - [ ] **Next Minor Stable Release** - patchset that needs to be verified in nightly before backport - - [ ] **Eventually** - patchset that needs to be verified in alpha before backport - - [ ] **No Backport** - patchset for the next major stable +### Backporting
-- ### Issue Tracking - - [ ] Link resolved issues with appropriate [Release Prep issue](https://gitlab.torproject.org/groups/tpo/applications/-/issues/?sort=updated...) for changelog generation +#### Timeline +- [ ] **Immediate**: patchset needed as soon as possible +- [ ] **Next Minor Stable Release**: patchset that needs to be verified in nightly before backport +- [ ] **Eventually**: patchset that needs to be verified in alpha before backport +- [ ] **No Backport (preferred)**: patchset for the next major stable
-## Change Description +#### (Optional) Justification +- [ ] **Emergency security update**: patchset fixes CVEs, 0-days, etc +- [ ] **Censorship event**: patchset enables censorship circumvention +- [ ] **Critical bug-fix**: patchset fixes a bug in core-functionality +- [ ] **Consistency**: patchset which would make development easier if it were in both the alpha and release branches; developer tools, build system changes, etc +- [ ] **Sponsor required**: patchset required for sponsor +- [ ] **Other**: please explain
-<!-- Whatever context the reviewer needs to effectively review the patchset --> \ No newline at end of file +### Issue Tracking +- [ ] Link resolved issues with appropriate [Release Prep issue](https://gitlab.torproject.org/groups/tpo/applications/-/issues/?sort=updated...) for changelog generation + +### Review + +#### Request Reviewer + +- [ ] Request review from an applications developer depending on modified system: + - **NOTE**: if the MR modifies multiple areas, please `/cc` all the relevant reviewers (since gitlab only allows 1 reviewer) + - **accessibility** : henry + - **android** : dan + - **build system** : boklm + - **extensions** : ma1 + - **firefox internals (XUL/JS/XPCOM)** : ma1 + - **fonts** : pierov + - **frontend (implementation)** : henry + - **frontend (review)** : donuts, richard + - **localization** : henry, pierov + - **nightly builds** : boklm + - **rebases/release-prep** : dan_b, ma1, pierov, richard + - **security** : ma1 + - **signing** : boklm, richard + - **updater** : pierov + - **misc/other** : pierov, richard + +#### Change Description + +<!-- Whatever context the reviewer needs to effectively review the patchset; if the patch includes UX updates be sure to include screenshots/video of how any new behaviour -->
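Review bot: The new Change Description comment ends mid-sentence: "be sure to include screenshots/video of how any new behaviour". It needs to be finished so that contributors know what the screenshots should show. Also note that `Change Description` moves from a `##` heading to `####` nested under `### Review`, alongside `Request Reviewer`. If it is meant to describe the patchset rather than the review, it should stay a top-level section.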
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/1...
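Review bot: In `Release Prep - Tor Browser Stable.md`, hunk `@@ -123,6 +129,10 @@`, the added tor-qa Subject line uses `$(TOR_BROWSER_VERION)`, which is missing an `S`. The variable defined at the top of the template and used in the Body is `$(TOR_BROWSER_VERSION)`, so anyone doing a find-and-replace on the variable name will send the email with the placeholder still in the subject.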