Hi,
herief Alaa:
Hi Georg,
On Sun, Apr 24, 2016 at 10:45 PM, Georg Koppen gk@torproject.org wrote:
Hello,
we are pleased to accounce that Tor Browser 6.0a5 is ready for testing and bundles can be found on:
https://people.torproject.org/~gk/builds/6.0a5-build3/
This will probably be our last alpha release before the stable 6.0 and it contains a bunch of noteworthy changes.
First, we switched the browser to Firefox ESR 45 and rebased our old patches/wrote new ones were necessary.
Second, we ship a new Tor alpha version, 0.2.8.2, which makes meek usable again and contains a number of other improvements/stability fixes.
Third, this alpha release will introduce code signing for OS X in order to cope with Gatekeeper. There were bundle layout changes necessary to adhere to code signing requirements. Please test that everything is still working as expected if you happen to have an OS X machine.
The fourth highlight is the fix for an installer related DLL hijacking vulnerability. This vulnerability made it necessary to deploy a newer NSIS version to create our .exe files. Please test that the installer is still working as expected if you happen to have a Windows machine.
[snip]
Tested on Windows 10, a scary warning from Windows Smart Screen pops up because it seems that it doesn't recognize the publisher. (see attached)
Yes. This and the OS X Gatekeeper dialog is due to the bundles not code signed yet. This should not prevent testing the functionality of this alpha though (provided one can get around Gatekeeper).
We might want to think about code signing the QA bundles as well to give users the bundles as they go out to our users. I am not sure if that is worth reducing the QA time we have, as signing the .exe and .dmg files takes some time.
Georg