[tbb-commits] [Git][tpo/applications/tor-browser-build][main] 2 commits: Updated gitlab merge request template
richard (@richard)
git at gitlab.torproject.org
Wed Jun 21 18:04:20 UTC 2023
richard pushed to branch main at The Tor Project / Applications / tor-browser-build
Commits:
aafb2ab9 by Richard Pospesel at 2023-06-20T21:22:57+00:00
Updated gitlab merge request template
- - - - -
82bb2187 by Richard Pospesel at 2023-06-20T21:22:59+00:00
Release Prep issue template updates
- - - - -
5 changed files:
- + .gitlab/issue_templates/Release Prep - Mullvad Browser Alpha.md
- .gitlab/issue_templates/Release Prep - Mullvad Browser Stable.md
- .gitlab/issue_templates/Release Prep - Tor Browser Alpha.md
- .gitlab/issue_templates/Release Prep - Tor Browser Stable.md
- .gitlab/merge_request_templates/default.md
Changes:
=====================================
.gitlab/issue_templates/Release Prep - Mullvad Browser Alpha.md
=====================================
@@ -0,0 +1,195 @@
+<details>
+ <summary>Explanation of variables</summary>
+
+- `$(BUILD_SERVER)` : the server the main builder is using to build a mullvad-browser release
+- `$(BUILDER)` : whomever is building the release on the $(BUILD_SERVER)
+ - **example** : `pierov`
+- `$(STAGING_SERVER)` : the server the signer is using to to run the signing process
+- `$(ESR_VERSION)` : the Mozilla defined ESR version, used in various places for building mullvad-browser tags, labels, etc
+ - **example** : `91.6.0`
+- `$(MULLVAD_BROWSER_MAJOR)` : the Mullvad Browser major version
+ - **example** : `11`
+- `$(MULLVAD_BROWSER_MINOR)` : the Mullvad Browser minor version
+ - **example** : either `0` or `5`; Alpha's is always `(Stable + 5) % 10`
+- `$(MULLVAD_BROWSER_VERSION)` : the Mullvad Browser version in the format
+ - **example** : `12.5a3`, `12.0.3`
+- `$(BUILD_N)` : a project's build revision within a its branch; this is separate from the `$(MULLVAD_BROWSER_BUILD_N)` value; many of the Firefox-related projects have a `$(BUILD_N)` suffix and may differ between projects even when they contribute to the same build.
+ - **example** : `build1`
+- `$(MULLVAD_BROWSER_BUILD_N)` : the mullvad-browser build revision for a given Mullvad Browser release; used in tagging git commits
+ - **example** : `build2`
+ - **NOTE** : A project's `$(BUILD_N)` and `$(MULLVAD_BROWSER_BUILD_N)` may be the same, but it is possible for them to diverge. For **example** :
+ - if we have multiple Mullvad Browser releases on a given ESR branch the two will become out of sync as the `$(BUILD_N)` value will increase, while the `$(MULLVAD_BROWSER_BUILD_N)` value may stay at `build1` (but the `$(MULLVAD_BROWSER_VERSION)` will increase)
+ - if we have build failures unrelated to `mullvad-browser`, the `$(MULLVAD_BROWSER_BUILD_N)` value will increase while the `$(BUILD_N)` will stay the same.
+- `$(MULLVAD_BROWSER_VERSION)` : the published Mullvad Browser version
+ - **example** : `11.5a6`, `11.0.7`
+- `$(MB_BUILD_TAG)` : the `tor-browser-build` build tag used to build a given Mullvad Browser version
+ - **example** : `mb-12.0.7-build1`
+</details>
+
+**NOTE** It is assumed that the `tor-browser` alpha rebase and security backport tasks have been completed
+
+<details>
+ <summary>Building</summary>
+
+### tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build.git
+Mullvad Browser Alpha (and Nightly) are on the `main` branch
+
+- [ ] Update `rbm.conf`
+ - [ ] `var/torbrowser_version` : update to next version
+ - [ ] `var/torbrowser_build` : update to `$(MULLVAD_BROWSER_BUILD_N)`
+ - [ ] `var/torbrowser_incremental_from` : update to previous Desktop version
+ - **IMPORTANT**: Really *actually* make sure this is the previous Desktop version or else the `make mullvadbrowser-incrementals-*` step will fail
+- [ ] Update build configs
+ - [ ] Update `projects/firefox/config`
+ - [ ] `browser_build` : update to match `mullvad-browser` tag
+ - [ ] ***(Optional)*** `var/firefox_platform_version` : update to latest `$(ESR_VERSION)` if rebased
+ - [ ] Update `projects/translation/config`:
+ - [ ] run `make list_translation_updates-alpha` to get updated hashes
+ - [ ] `steps/base-browser/git_hash` : update with `HEAD` commit of project's `base-browser` branch
+ - [ ] `steps/base-browser-fluent/git_hash` : update with `HEAD` commit of project's `basebrowser-newidentityftl` branch
+- [ ] Update common build configs
+ - [ ] Check for NoScript updates here : https://addons.mozilla.org/en-US/firefox/addon/noscript
+ - [ ] ***(Optional)*** If new version available, update `noscript` section of `input_files` in `projects/browser/config`
+ - [ ] `URL`
+ - [ ] `sha256sum`
+ - [ ] Check for uBlock-origin updates here : https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
+ - [ ] ***(Optional)*** If new version available, update `ublock-origin` section of `input_files` in `projects/browser/config`
+ - [ ] `URL`
+ - [ ] `sha256sum`
+ - [ ] Check for Mullvad Privacy Companion updates here : https://github.com/mullvad/browser-extension/releases
+ - [ ] ***(Optional)*** If new version available, update `mullvad-extension` section of `input_files` in `projects/browser/config`
+ - [ ] `URL`
+ - [ ] `sha256sum`
+- [ ] Open MR with above changes
+- [ ] Merge
+- [ ] Sign/Tag commit: `make mullvadbrowser-signtag-alpha`
+- [ ] Push tag to `origin`
+- [ ] Begin build on `$(BUILD_SERVER)` (fix any issues in subsequent MRs)
+- [ ] **TODO** Submit build-tag to Mullvad build infra
+- [ ] Ensure builders have matching builds
+
+</details>
+
+<details>
+ <summary>QA</summary>
+
+### send the build
+
+ - [ ] Email Mullvad QA: support at mullvad.net, rui at mullvad.net
+ <details>
+ <summary>email template</summary>
+
+ Subject:
+ New build: Mullvad Browser $(MULLVAD_BROWSER_VERION) (unsigned)
+
+ Body:
+ unsigned builds: https://tb-build-05.torproject.org/~$(BUILDER)/builds/mullvadbrowser/release/unsigned/$(MB_BUILD_TAG)
+
+ changelog:
+ ...
+
+ </details>
+
+ - ***(Optional)*** Add additional information:
+ - [ ] Note any new functionality which needs testing
+ - [ ] Link to any known issues
+
+</details>
+
+<details>
+ <summary>Signing</summary>
+
+### signing
+- [ ] On `$(STAGING_SERVER)`, ensure updated:
+ - [ ] `tor-browser-build/tools/signing/set-config.hosts`
+ - `ssh_host_builder` : ssh hostname of machine with unsigned builds
+ - **NOTE** : `tor-browser-build` is expected to be in the `$HOME` directory)
+ - `ssh_host_linux_signer` : ssh hostname of linux signing machine
+ - `ssh_host_macos_signer` : ssh hostname of macOS signing machine
+ - [ ] `tor-browser-build/tools/signing/set-config.macos-notarization`
+ - `macos_notarization_user` : the email login for a mullvad notariser Apple Developer account
+ - [ ] `set-config.update-responses`
+ - `update_responses_repository_dir` : directory where you cloned `git at gitlab.torproject.org:tpo/applications/mullvad-browser-update-responses.git`
+ - [ ] `tor-browser-build/tools/signing/set-config.tbb-version`
+ - `tbb_version` : mullvad browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`)
+ - `tbb_version_build` : the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`)
+ - `tbb_version_type` : either `alpha` for alpha releases or `release` for stable releases
+- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, run the macOS proxy script:
+ - `cd tor-browser-build/tools/signing/`
+ - `./macos-signer-proxy`
+- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050
+- [ ] run do-all-signing script:
+ - `cd tor-browser-build/tools/signing/`
+ - `./do-all-signing.mullvadbrowser`
+- **NOTE**: at this point the signed binaries should have been copied to `staticiforme`
+- [ ] Update `staticiforme.torproject.org`:
+ - From `screen` session on `staticiforme.torproject.org`:
+ - [ ] Static update components : `static-update-component dist.torproject.org`
+ - [ ] Remove old release data from `/srv/dist-master.torproject.org/htdocs/mullvadbrowser`
+ - [ ] Static update components (again) : `static-update-component dist.torproject.org`
+
+</details>
+
+<details>
+ <summary>Publishing</summary>
+
+### email
+
+- [ ] Email Mullvad with release information: support at mullvad.net, rui at mullvad.net
+ <details>
+ <summary>email template</summary>
+
+ Subject:
+ New build: Mullvad Browser $(MULLVAD_BROWSER_VERION) (signed)
+
+ Body:
+ signed builds: https://dist.torproject.org/mullvadbrowser/$(MULLVAD_BROWSER_VERSION)
+
+ update_response hashes: $(MULLVAD_UPDATE_RESPONSES_HASH)
+
+ changelog:
+ ...
+
+ </details>
+
+### mullvad-browser (github): https://github.com/mullvad/mullvad-browser/
+- [ ] Push this release's associated `mullvad-browser.git` branch to github
+- [ ] Push this release's associated tags to github:
+ - [ ] Firefox ESR tag
+ - **example** : `FIREFOX_102_12_0esr_BUILD1,`
+ - [ ] `base-browser` tag
+ - **example** : `base-browser-102.12.0esr-12.0-1-build1`
+ - [ ] `mullvad-browser` tag
+ - **example** : `mullvad-browser-102.12.0esr-12.0-1-build1`
+- [ ] Sign+Tag additionally the `mullvad-browser.git` `firefox` commit used in build:
+ - **Tag**: `$(MULLVAD_BROWSER_VERSION)`
+ - **example** : `12.5a7`
+ - **Message**: `$(ESR_VERSION)esr-based $(MULLVAD_BROWSER_VERSION)`
+ - **example** : `102.12.0esr-based 12.5a7`
+ - [ ] Push tag to github
+
+</details>
+
+<details>
+ <summary>Downstream</summary>
+
+### notify packagers
+
+- [ ] **(Optional, Once Mullvad Updates their Github Releases Page)** Email downstream consumers:
+ <details>
+ <summary>email template</summary>
+
+ ...
+
+ ...
+
+ </details>
+
+ - **NOTE**: This is an optional step and only necessary close a major release/transition from alpha to stable, or if there are major packing changes these developers need to be aware of
+ - [ ] flathub package maintainer: proletarius101 at protonmail.com
+ - [ ] arch package maintainer: bootctl at gmail.com
+ - [ ] nixOS package maintainer: dev at felschr.com
+
+</details>
+
+/label ~"Release Prep"
=====================================
.gitlab/issue_templates/Release Prep - Mullvad Browser Stable.md
=====================================
@@ -2,32 +2,36 @@
<summary>Explanation of variables</summary>
- `$(BUILD_SERVER)` : the server the main builder is using to build a mullvad-browser release
+- `$(BUILDER)` : whomever is building the release on the $(BUILD_SERVER)
+ - **example** : `pierov`
- `$(STAGING_SERVER)` : the server the signer is using to to run the signing process
- `$(ESR_VERSION)` : the Mozilla defined ESR version, used in various places for building mullvad-browser tags, labels, etc
- - example : `91.6.0`
+ - **example** : `91.6.0`
- `$(MULLVAD_BROWSER_MAJOR)` : the Mullvad Browser major version
- - example : `11`
+ - **example** : `11`
- `$(MULLVAD_BROWSER_MINOR)` : the Mullvad Browser minor version
- - example : either `0` or `5`; Alpha's is always `(Stable + 5) % 10`
+ - **example** : either `0` or `5`; Alpha's is always `(Stable + 5) % 10`
- `$(MULLVAD_BROWSER_VERSION)` : the Mullvad Browser version in the format
- - example: `12.5a3`, `12.0.3`
+ - **example** : `12.5a3`, `12.0.3`
- `$(BUILD_N)` : a project's build revision within a its branch; this is separate from the `$(MULLVAD_BROWSER_BUILD_N)` value; many of the Firefox-related projects have a `$(BUILD_N)` suffix and may differ between projects even when they contribute to the same build.
- - example : `build1`
+ - **example** : `build1`
- `$(MULLVAD_BROWSER_BUILD_N)` : the mullvad-browser build revision for a given Mullvad Browser release; used in tagging git commits
- - example : `build2`
- - **NOTE** : A project's `$(BUILD_N)` and `$(MULLVAD_BROWSER_BUILD_N)` may be the same, but it is possible for them to diverge. For example :
- - if we have multiple Mullvad Browser releases on a given ESR branch the two will become out of sync as the `$(BUILD_N)` value will increase, while the `$(MULLVAD_BROWSER_BUILD_N)` value may stay at `build1` (but the `$(MULLVAD_BROWSER_VERSION)` will increase)
- - if we have build failures unrelated to `mullvad-browser`, the `$(MULLVAD_BROWSER_BUILD_N)` value will increase while the `$(BUILD_N)` will stay the same.
+ - **example** : `build2`
+ - **NOTE** : A project's `$(BUILD_N)` and `$(MULLVAD_BROWSER_BUILD_N)` may be the same, but it is possible for them to diverge. For **example** :
+ - if we have multiple Mullvad Browser releases on a given ESR branch the two will become out of sync as the `$(BUILD_N)` value will increase, while the `$(MULLVAD_BROWSER_BUILD_N)` value may stay at `build1` (but the `$(MULLVAD_BROWSER_VERSION)` will increase)
+ - if we have build failures unrelated to `mullvad-browser`, the `$(MULLVAD_BROWSER_BUILD_N)` value will increase while the `$(BUILD_N)` will stay the same.
- `$(MULLVAD_BROWSER_VERSION)` : the published Mullvad Browser version
- - example : `11.5a6`, `11.0.7`
+ - **example** : `11.5a6`, `11.0.7`
+- `$(MB_BUILD_TAG)` : the `tor-browser-build` build tag used to build a given Mullvad Browser version
+ - **example** : `mb-12.0.7-build1`
</details>
-**NOTE** It is assumed that the `tor-browser` rebase and security backport tasks have been completed
+**NOTE** It is assumed that the `tor-browser` stable rebase and security backport tasks have been completed
<details>
- <summary>Build Configs</summary>
+ <summary>Building</summary>
-### tor-browser-build: https://gitlab.mullvadproject.org/tpo/applications/tor-browser-build.git
+### tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build.git
Mullvad Browser Stable lives in the various `maint-$(MULLVAD_BROWSER_MAJOR).$(MULLVAD_BROWSER_MINOR)` (and possibly more specific) branches
- [ ] Update `rbm.conf`
@@ -57,30 +61,55 @@ Mullvad Browser Stable lives in the various `maint-$(MULLVAD_BROWSER_MAJOR).$(MU
- [ ] `URL`
- [ ] `sha256sum`
- [ ] Open MR with above changes
-- [ ] Begin build on `$(BUILD_SERVER)` (and fix any issues which come up and update MR)
- [ ] Merge
- [ ] Sign/Tag commit: `make mullvadbrowser-signtag-release`
- [ ] Push tag to `origin`
+- [ ] Begin build on `$(BUILD_SERVER)` (fix any issues in subsequent MRs)
+- [ ] **TODO** Submit build-tag to Mullvad build infra
+- [ ] Ensure builders have matching builds
+
+</details>
+
+<details>
+ <summary>QA</summary>
+
+### send the build
+
+ - [ ] Email Mullvad QA: support at mullvad.net, rui at mullvad.net
+ <details>
+ <summary>email template</summary>
+
+ Subject:
+ New build: Mullvad Browser $(MULLVAD_BROWSER_VERION) (unsigned)
+
+ Body:
+ unsigned builds: https://tb-build-05.torproject.org/~$(BUILDER)/builds/mullvadbrowser/release/unsigned/$(MB_BUILD_TAG)
+
+ changelog:
+ ...
+
+ </details>
+
+ - ***(Optional)*** Add additional information:
+ - [ ] Note any new functionality which needs testing
+ - [ ] Link to any known issues
</details>
<details>
<summary>Signing</summary>
-### signing + publishing
-- [ ] Ensure builders have matching builds
+### signing
- [ ] On `$(STAGING_SERVER)`, ensure updated:
- - [ ] `tor-browser-build/tools/signing/set-config`
- - `NSS_DB_DIR` : location of the `nssdb7` direcmullvady
- [ ] `tor-browser-build/tools/signing/set-config.hosts`
- `ssh_host_builder` : ssh hostname of machine with unsigned builds
- - **NOTE** : `tor-browser-build` is expected to be in the `$HOME` direcmullvady)
+ - **NOTE** : `tor-browser-build` is expected to be in the `$HOME` directory)
- `ssh_host_linux_signer` : ssh hostname of linux signing machine
- `ssh_host_macos_signer` : ssh hostname of macOS signing machine
- [ ] `tor-browser-build/tools/signing/set-config.macos-notarization`
- `macos_notarization_user` : the email login for a mullvad notariser Apple Developer account
- [ ] `set-config.update-responses`
- - `update_responses_reposimullvady_dir` : direcmullvady where you cloned `git at gitlab.mullvadproject.org:tpo/applications/mullvad-browser-update-responses.git`
+ - `update_responses_repository_dir` : directory where you cloned `git at gitlab.torproject.org:tpo/applications/mullvad-browser-update-responses.git`
- [ ] `tor-browser-build/tools/signing/set-config.tbb-version`
- `tbb_version` : mullvad browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`)
- `tbb_version_build` : the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`)
@@ -91,7 +120,7 @@ Mullvad Browser Stable lives in the various `maint-$(MULLVAD_BROWSER_MAJOR).$(MU
- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050
- [ ] run do-all-signing script:
- `cd tor-browser-build/tools/signing/`
- - `./do-all-signing.sh`
+ - `./do-all-signing.mullvadbrowser`
- **NOTE**: at this point the signed binaries should have been copied to `staticiforme`
- [ ] Update `staticiforme.torproject.org`:
- From `screen` session on `staticiforme.torproject.org`:
@@ -101,19 +130,64 @@ Mullvad Browser Stable lives in the various `maint-$(MULLVAD_BROWSER_MAJOR).$(MU
</details>
+<details>
+ <summary>Publishing</summary>
+
+### email
+
+- [ ] Email Mullvad with release information: support at mullvad.net, rui at mullvad.net
+ <details>
+ <summary>email template</summary>
+
+ Subject:
+ New build: Mullvad Browser $(MULLVAD_BROWSER_VERION) (signed)
+
+ Body:
+ signed builds: https://dist.torproject.org/mullvadbrowser/$(MULLVAD_BROWSER_VERSION)
+
+ update_response hashes: $(MULLVAD_UPDATE_RESPONSES_HASH)
+
+ changelog:
+ ...
+
+ </details>
+
+### mullvad-browser (github): https://github.com/mullvad/mullvad-browser/
+- [ ] Push this release's associated `mullvad-browser.git` branch to github
+- [ ] Push this release's associated tags to github:
+ - [ ] Firefox ESR tag
+ - **example** : `FIREFOX_102_12_0esr_BUILD1,`
+ - [ ] `base-browser` tag
+ - **example** : `base-browser-102.12.0esr-12.0-1-build1`
+ - [ ] `mullvad-browser` tag
+ - **example** : `mullvad-browser-102.12.0esr-12.0-1-build1`
+- [ ] Sign+Tag additionally the `mullvad-browser.git` `firefox` commit used in build:
+ - **Tag**: `$(MULLVAD_BROWSER_VERSION)`
+ - **example** : `12.0.7`
+ - **Message**: `$(ESR_VERSION)esr-based $(MULLVAD_BROWSER_VERSION)`
+ - **example** : `102.12.0esr-based 12.0.7`
+ - [ ] Push tag to github
+
+</details>
+
<details>
<summary>Downstream</summary>
-### notify stakeholders
+### notify packagers
+
+- [ ] **(Once Mullvad Updates their Github Releases Page)** Email downstream consumers:
+ <details>
+ <summary>email template</summary>
+
+ ...
+
+ ...
+
+ </details>
-- [ ] Email Mullvad with release information: rui at mullvad.net
- - [ ] Build artifact download list
- - [ ] New `mullvad-browser` project branch and tags
- - [ ] mullvad-browser-update-responses git hash
- - [ ] changelog
-- [ ] Email downstream consumers:
- [ ] flathub package maintainer: proletarius101 at protonmail.com
- [ ] arch package maintainer: bootctl at gmail.com
+ - [ ] nixOS package maintainer: dev at felschr.com
### merge requests
=====================================
.gitlab/issue_templates/Release Prep - Tor Browser Alpha.md
=====================================
@@ -2,28 +2,34 @@
<summary>Explanation of variables</summary>
- `$(BUILD_SERVER)` : the server the main builder is using to build a tor-browser release
+- `$(BUILDER)` : whomever is building the release on the $(BUILD_SERVER)
+ - **example** : `pierov`
- `$(STAGING_SERVER)` : the server the signer is using to to run the signing process
- `$(ESR_VERSION)` : the Mozilla defined ESR version, used in various places for building tor-browser tags, labels, etc
- - example : `91.6.0`
+ - **example** : `91.6.0`
- `$(TOR_BROWSER_MAJOR)` : the Tor Browser major version
- - example : `11`
+ - **example** : `11`
- `$(TOR_BROWSER_MINOR)` : the Tor Browser minor version
- - example : either `0` or `5`; Alpha's is always `(Stable + 5) % 10`
+ - **example** : either `0` or `5`; Alpha's is always `(Stable + 5) % 10`
+- `$(TOR_BROWSER_VERSION)` : the Tor Browser version in the format
+ - **example** : `12.5a3`, `12.0.3`
- `$(BUILD_N)` : a project's build revision within a its branch; this is separate from the `$(TOR_BROWSER_BUILD_N)` value; many of the Firefox-related projects have a `$(BUILD_N)` suffix and may differ between projects even when they contribute to the same build.
- - example : `build1`
+ - **example** : `build1`
- `$(TOR_BROWSER_BUILD_N)` : the tor-browser build revision for a given Tor Browser release; used in tagging git commits
- - example : `build2`
- - **NOTE** : A project's `$(BUILD_N)` and `$(TOR_BROWSER_BUILD_N)` may be the same, but it is possible for them to diverge. For example :
- - if we have multiple Tor Browser releases on a given ESR branch the two will become out of sync as the `$(BUILD_N)` value will increase, while the `$(TOR_BROWSER_BUILD_N)` value may stay at `build1` (but the `$(TOR_BROWSER_VERSION)` will increase)
- - if we have build failures unrelated to `tor-browser`, the `$(TOR_BROWSER_BUILD_N)` value will increase while the `$(BUILD_N)` will stay the same.
+ - **example** : `build2`
+ - **NOTE** : A project's `$(BUILD_N)` and `$(TOR_BROWSER_BUILD_N)` may be the same, but it is possible for them to diverge. For example :
+ - if we have multiple Tor Browser releases on a given ESR branch the two will become out of sync as the `$(BUILD_N)` value will increase, while the `$(TOR_BROWSER_BUILD_N)` value may stay at `build1` (but the `$(TOR_BROWSER_VERSION)` will increase)
+ - if we have build failures unrelated to `tor-browser`, the `$(TOR_BROWSER_BUILD_N)` value will increase while the `$(BUILD_N)` will stay the same.
- `$(TOR_BROWSER_VERSION)` : the published Tor Browser version
- - example : `11.5a6`, `11.0.7`
+ - **example** : `11.5a6`, `11.0.7`
+- `$(TBB_BUILD_TAG)` : the `tor-browser-build` build tag used to build a given Tor Browser version
+ - **example** : `tbb-12.5a7-build1`
</details>
-**NOTE** It is assumed that the `tor-browser` rebase and security backport tasks have been completed
+**NOTE** It is assumed that the `tor-browser` stable rebase and security backport tasks have been completed
<details>
- <summary>Build Updates</summary>
+ <summary>Building</summary>
### tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build.git
Tor Browser Alpha (and Nightly) are on the `main` branch
@@ -44,7 +50,7 @@ Tor Browser Alpha (and Nightly) are on the `main` branch
- [ ] `steps/tor-browser/git_hash` : update with `HEAD` commit of project's `tor-browser` branch
- [ ] `steps/fenix/git_hash` : update with `HEAD` commit of project's `fenix-torbrowserstringsxml` branch
- [ ] Update Android-specific build configs
- - [ ] ***(Optional)*** Update `projects/geckoview/config`
+ - [ ] Update `projects/geckoview/config`
- [ ] `browser_build` : update to match `tor-browser` tag
- [ ] ***(Optional)*** `var/geckoview_version` : update to latest `$(ESR_VERSION)` if rebased
- [ ] ***(Optional)*** Update `projects/tor-android-service/config`
@@ -56,7 +62,6 @@ Tor Browser Alpha (and Nightly) are on the `main` branch
- [ ] `android_components_build` : update to match alpha android-components tag
- [ ] ***(Optional)*** Update `projects/fenix/config`
- [ ] `fenix_build` : update to match fenix tag
- - [ ] ***(Optional)*** `var/fenix_version` : update to latest `$(ESR_VERSION)` if rebased
- [ ] Update allowed_addons.json by running (from `tor-browser-build` root):
- `./tools/fetch_allowed_addons.py > projects/browser/allowed_addons.json`
- [ ] Update common build configs
@@ -79,14 +84,13 @@ Tor Browser Alpha (and Nightly) are on the `main` branch
- [ ] ***(Optional)*** Update `projects/go/config`
- [ ] `version` : update go version
- [ ] `input_files/sha256sum` for `go` : update sha256sum of archive (sha256 sums are displayed on the go download page)
- - [ ] Update the manual : https://gitlab.torproject.org/tpo/web/manual/-/jobs/
- - [ ] Download the `artifacts.zip` file from latest build stage row (download icon button on the right)
- - [ ] Rename it to `manual_$PIPELINEID.zip`
- - [ ] Upload it to people.tpo
- - [ ] Update `projects/manual/config`
- - [ ] Change the version to `$PIPELINEID`
- - [ ] Update the hash in the input_files section
- - [ ] Update the URL if you have uploaded to a different people.tpo home
+ - [ ] Check for manual updates by running (from `tor-browser-build` root): `./tools/fetch-manual.py`
+ - [ ] ***(Optional)*** If new version is available:
+ - [ ] Upload the downloaded `manual_$PIPELINEID.zip` file to people.tpo
+ - [ ] Update `projects/manual/config`:
+ - [ ] Change the `version` to `$PIPELINEID`
+ - [ ] Update `sha256sum` in the `input_files` section
+ - [ ] ***(Optional)*** Update the URL if you have uploaded to a different people.tpo home
- [ ] Update `ChangeLog.txt`
- [ ] Ensure ChangeLog.txt is sync'd between alpha and stable branches
- [ ] Check the linked issues: ask people to check if any are missing, remove the not fixed ones
@@ -94,19 +98,26 @@ Tor Browser Alpha (and Nightly) are on the `main` branch
- Make sure you have `requests` installed (e.g., `apt install python3-requests`)
- The first time you run this script you will need to generate an access token; the script will guide you
- [ ] Copy the output of the script to the beginning of `ChangeLog.txt` and adjust its output
- - If you used the issue number, you will need to write the Tor Browser version manually
- - [ ] Include any version updates for:
- - [ ] translations
- - [ ] OpenSSL
- - [ ] NoScript
+ - **NOTE** : If you used the issue number, you will need to write the Tor Browser version manually
+ - [ ] ***(Optional)*** Under `All Platforms` include any version updates for:
+ - [ ] Translations
+ - [ ]OpenSSL
+ - [ ]NoScript
+ - [ ]zlib
+ - [ ] tor daemon
+ - [ ] ***(Optional)*** Under `Windows + macOS + Linux` include updates for:
+ - [ ] Firefox
+ - [ ] ***(Optional)*** Under `Android`, include updates for:
+ - [ ] Geckoview
+ - [ ] ***(Optional)*** Under `Build System/All Platforms` include updates for:
- [ ] Go
- - [ ] zlib
- - [ ] Include any ESR rebase for Firefox and GeckoView
- [ ] Open MR with above changes
-- [ ] Begin build on `$(BUILD_SERVER)` (fix any issues which come up and update MR)
- [ ] Merge
- [ ] Sign/Tag commit: `make torbrowser-signtag-alpha`
- [ ] Push tag to `origin`
+- [ ] Begin build on `$(BUILD_SERVER)` (fix any issues in subsequent MRs)
+- [ ] **TODO** Submit build-tag to Mullvad build infra
+- [ ] Ensure builders have matching builds
</details>
@@ -118,6 +129,10 @@ Tor Browser Alpha (and Nightly) are on the `main` branch
<details>
<summary>email template</summary>
+ Subject:
+ Tor Browser $(TOR_BROWSER_VERION) (Android, Windows, macOS, Linux)
+
+ Body:
Hello All,
Unsigned Tor Browser $(TOR_BROWSER_VERSION) alpha candidate builds are now available for testing:
@@ -126,15 +141,15 @@ Tor Browser Alpha (and Nightly) are on the `main` branch
The full changelog can be found here:
- - https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/raw/main/projects/browser/Bundle-Data/Docs/ChangeLog.txt
+ - https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/blob/$(TBB_BUILD_TAG)/ChangeLog.txt
</details>
- [ ] Email tor-qa mailing list: tor-qa at lists.torproject.org
- - Additional information:
+ - ***(Optional)*** Additional information:
- [ ] Note any new functionality which needs testing
- [ ] Link to any known issues
-- [ ] ***(Optional, only around build/packaging changes)*** Email downstream consumers:
+- [ ] ***(Optional, only around build/packaging changes)*** Email packagers:
- Recipients:
- Tails dev mailing list: tails-dev at boum.org
- Guardian Project: nathan at guardianproject.info
@@ -142,7 +157,7 @@ Tor Browser Alpha (and Nightly) are on the `main` branch
- FreeBSD port: freebsd at sysctl.cz <!-- Gitlab user maxfx -->
- OpenBSD port: caspar at schutijser.com <!-- Gitlab user cschutijser -->
- [ ] Note any changes which may affect packaging/downstream integration
-- [ ] Email upstream stakeholders:
+- [ ] Email external partners:
- ***(Optional, after ESR migration)*** Cloudflare: ask-research at cloudflare.com
- **NOTE** : We need to provide them with updated user agent string so they can update their internal machinery to prevent Tor Browser users from getting so many CAPTCHAs
@@ -151,11 +166,9 @@ Tor Browser Alpha (and Nightly) are on the `main` branch
<details>
<summary>Signing</summary>
-### signing + publishing
-- [ ] Ensure builders have matching builds
+### signing
+- **NOTE** : In practice, it's most efficient to have the blog post and website updates ready to merge, since signing doesn't take very long
- [ ] On `$(STAGING_SERVER)`, ensure updated:
- - [ ] `tor-browser-build/tools/signing/set-config`
- - `NSS_DB_DIR` : location of the `nssdb7` directory
- [ ] `tor-browser-build/tools/signing/set-config.hosts`
- `ssh_host_builder` : ssh hostname of machine with unsigned builds
- **NOTE** : `tor-browser-build` is expected to be in the `$HOME` directory)
@@ -182,7 +195,7 @@ Tor Browser Alpha (and Nightly) are on the `main` branch
- [ ] Static update components : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org`
- [ ] Enable update responses : `sudo -u tb-release ./deploy_update_responses-alpha.sh`
- [ ] Remove old release data from following places:
- - **NOTE** : Skip this step if the current release is Android or Desktop *only*
+ - **NOTE** : Skip this step if we need to hold on to older versions for some reason (for example, this is an Andoid or Desktop-only release, or if we need to hold back installers in favor of build-to-build updates if there are signing issues, etc)
- [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser`
- [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser`
- [ ] Static update components (again) : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org`
@@ -236,7 +249,24 @@ Tor Browser Alpha (and Nightly) are on the `main` branch
- [ ] Publish after CI passes and website has been updated
### tor-announce mailing list
-- [ ] Send an email to tor-announce at lists.torproject.org, using the same content as the blog post and subject "Tor Browser $version is released".
+ <details>
+ <summary>email template</summary>
+
+ Subject:
+ New Release: Tor Browser $(TOR_BROWSER_VERSION) (Android, Windows, macOS, Linux)
+
+ Body:
+ Hi everyone,
+
+ Tor Browser $(TOR_BROWSER_VERSION) has now been published for all platforms. For details please see our blog post:
+
+ - $(BLOG_POST_URL)
+
+ </details>
+
+- [ ] Email tor-announce mailing list: tor-announce at lists.torproject.org
+ - **(Optional)** Additional information:
+ - [ ] Link to any known issues
</details>
=====================================
.gitlab/issue_templates/Release Prep - Tor Browser Stable.md
=====================================
@@ -2,33 +2,34 @@
<summary>Explanation of variables</summary>
- `$(BUILD_SERVER)` : the server the main builder is using to build a tor-browser release
+- `$(BUILDER)` : whomever is building the release on the $(BUILD_SERVER)
+ - **example** : `pierov`
- `$(STAGING_SERVER)` : the server the signer is using to to run the signing process
- `$(ESR_VERSION)` : the Mozilla defined ESR version, used in various places for building tor-browser tags, labels, etc
- - example : `91.6.0`
-- `$(ESR_TAG)` : the Mozilla defined hg (Mercurial) tag associated with `$(ESR_VERSION)`
- - exmaple : `FIREFOX_91_7_0esr_BUILD2`
-- `$(ESR_TAG_PREV)` : the Mozilla defined hg (Mercurial) tag associated with the previous ESR version when rebasing (ie, the ESR version we are rebasing from)
+ - **example** : `91.6.0`
- `$(TOR_BROWSER_MAJOR)` : the Tor Browser major version
- - example : `11`
+ - **example** : `11`
- `$(TOR_BROWSER_MINOR)` : the Tor Browser minor version
- - example : either `0` or `5`; Alpha's is always `(Stable + 5) % 10`
+ - **example** : either `0` or `5`; Alpha's is always `(Stable + 5) % 10`
- `$(TOR_BROWSER_VERSION)` : the Tor Browser version in the format
- - example: `12.5a3`, `12.0.3`
+ - **example** : `12.5a3`, `12.0.3`
- `$(BUILD_N)` : a project's build revision within a its branch; this is separate from the `$(TOR_BROWSER_BUILD_N)` value; many of the Firefox-related projects have a `$(BUILD_N)` suffix and may differ between projects even when they contribute to the same build.
- - example : `build1`
+ - **example** : `build1`
- `$(TOR_BROWSER_BUILD_N)` : the tor-browser build revision for a given Tor Browser release; used in tagging git commits
- - example : `build2`
- - **NOTE** : A project's `$(BUILD_N)` and `$(TOR_BROWSER_BUILD_N)` may be the same, but it is possible for them to diverge. For example :
- - if we have multiple Tor Browser releases on a given ESR branch the two will become out of sync as the `$(BUILD_N)` value will increase, while the `$(TOR_BROWSER_BUILD_N)` value may stay at `build1` (but the `$(TOR_BROWSER_VERSION)` will increase)
- - if we have build failures unrelated to `tor-browser`, the `$(TOR_BROWSER_BUILD_N)` value will increase while the `$(BUILD_N)` will stay the same.
+ - **example** : `build2`
+ - **NOTE** : A project's `$(BUILD_N)` and `$(TOR_BROWSER_BUILD_N)` may be the same, but it is possible for them to diverge. For example :
+ - if we have multiple Tor Browser releases on a given ESR branch the two will become out of sync as the `$(BUILD_N)` value will increase, while the `$(TOR_BROWSER_BUILD_N)` value may stay at `build1` (but the `$(TOR_BROWSER_VERSION)` will increase)
+ - if we have build failures unrelated to `tor-browser`, the `$(TOR_BROWSER_BUILD_N)` value will increase while the `$(BUILD_N)` will stay the same.
- `$(TOR_BROWSER_VERSION)` : the published Tor Browser version
- - example : `11.5a6`, `11.0.7`
+ - **example** : `11.5a6`, `11.0.7`
+- `$(TBB_BUILD_TAG)` : the `tor-browser-build` build tag used to build a given Tor Browser version
+ - **example** : `tbb-12.0.7-build1`
</details>
-**NOTE** It is assumed that the `tor-browser` rebase and security backport tasks have been completed
+**NOTE** It is assumed that the `tor-browser` stable rebase and security backport tasks have been completed
<details>
- <summary>Build Configs</summary>
+ <summary>Building</summary>
### tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build.git
Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)` (and possibly more specific) branches
@@ -37,7 +38,7 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE
- [ ] `var/torbrowser_version` : update to next version
- [ ] `var/torbrowser_build` : update to `$(TOR_BROWSER_BUILD_N)`
- [ ] ***(Desktop Only)***`var/torbrowser_incremental_from` : update to previous Desktop version
- - **IMPORTANT**: Really *actually* make sure this is the previous Desktop version or else the `make incrementals-*` step will fail
+ - **IMPORTANT**: Really *actually* make sure this is the previous Desktop version or else the `make torbrowser-incrementals-*` step will fail
- [ ] Update Desktop-specific build configs
- [ ] Update `projects/firefox/config`
- [ ] `browser_build` : update to match `tor-browser` tag
@@ -49,7 +50,7 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE
- [ ] `steps/tor-browser/git_hash` : update with `HEAD` commit of project's `tor-browser` branch
- [ ] `steps/fenix/git_hash` : update with `HEAD` commit of project's `fenix-torbrowserstringsxml` branch
- [ ] Update Android-specific build configs
- - [ ] ***(Optional)*** Update `projects/geckoview/config`
+ - [ ] Update `projects/geckoview/config`
- [ ] `browser_build` : update to match `tor-browser` tag
- [ ] ***(Optional)*** `var/geckoview_version` : update to latest `$(ESR_VERSION)` if rebased
- [ ] ***(Optional)*** Update `projects/tor-android-service/config`
@@ -58,10 +59,9 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE
**NOTE** we don't currently have any of our own patches for this project
- [ ] `git_hash` : update to appropriate git commit associated with `$(ESR_VERSION)`
- [ ] ***(Optional)*** Update `projects/android-components/config`:
- - [ ] `android_components_build` : update to match android-components tag
+ - [ ] `android_components_build` : update to match stable android-components tag
- [ ] ***(Optional)*** Update `projects/fenix/config`
- [ ] `fenix_build` : update to match fenix tag
- - [ ] ***(Optional)*** `var/fenix_version` : update to latest `$(ESR_VERSION)` if rebased
- [ ] Update allowed_addons.json by running (from `tor-browser-build` root):
- `./tools/fetch_allowed_addons.py > projects/browser/allowed_addons.json`
- [ ] Update common build configs
@@ -84,14 +84,13 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE
- [ ] ***(Optional)*** Update `projects/go/config`
- [ ] `version` : update go version
- [ ] `input_files/sha256sum` for `go` : update sha256sum of archive (sha256 sums are displayed on the go download page)
- - [ ] Update the manual : https://gitlab.torproject.org/tpo/web/manual/-/jobs/
- - [ ] Download the `artifacts.zip` file from latest build stage row (download icon button on the right)
- - [ ] Rename it to `manual_$PIPELINEID.zip`
- - [ ] Upload it to people.tpo
- - [ ] Update `projects/manual/config`
- - [ ] Change the version to `$PIPELINEID`
- - [ ] Update the hash in the input_files section
- - [ ] Update the URL if you have uploaded to a different people.tpo home
+ - [ ] Check for manual updates by running (from `tor-browser-build` root): `./tools/fetch-manual.py`
+ - [ ] ***(Optional)*** If new version is available:
+ - [ ] Upload the downloaded `manual_$PIPELINEID.zip` file to people.tpo
+ - [ ] Update `projects/manual/config`:
+ - [ ] Change the `version` to `$PIPELINEID`
+ - [ ] Update `sha256sum` in the `input_files` section
+ - [ ] ***(Optional)*** Update the URL if you have uploaded to a different people.tpo home
- [ ] Update `ChangeLog.txt`
- [ ] Ensure ChangeLog.txt is sync'd between alpha and stable branches
- [ ] Check the linked issues: ask people to check if any are missing, remove the not fixed ones
@@ -99,19 +98,26 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE
- Make sure you have `requests` installed (e.g., `apt install python3-requests`)
- The first time you run this script you will need to generate an access token; the script will guide you
- [ ] Copy the output of the script to the beginning of `ChangeLog.txt` and adjust its output
- - If you used the issue number, you will need to write the Tor Browser version manually
- - [ ] Include any version updates for:
- - [ ] translations
- - [ ] OpenSSL
- - [ ] NoScript
+ - **NOTE** : If you used the issue number, you will need to write the Tor Browser version manually
+ - [ ] ***(Optional)*** Under `All Platforms` include any version updates for:
+ - [ ] Translations
+ - [ ]OpenSSL
+ - [ ]NoScript
+ - [ ]zlib
+ - [ ] tor daemon
+ - [ ] ***(Optional)*** Under `Windows + macOS + Linux` include updates for:
+ - [ ] Firefox
+ - [ ] ***(Optional)*** Under `Android`, include updates for:
+ - [ ] Geckoview
+ - [ ] ***(Optional)*** Under `Build System/All Platforms` include updates for:
- [ ] Go
- - [ ] zlib
- - [ ] Include any ESR rebase for Firefox and GeckoView
- [ ] Open MR with above changes
-- [ ] Begin build on `$(BUILD_SERVER)` (and fix any issues which come up and update MR)
- [ ] Merge
- [ ] Sign/Tag commit: `make torbrowser-signtag-release`
- [ ] Push tag to `origin`
+- [ ] Begin build on `$(BUILD_SERVER)` (fix any issues in subsequent MRs)
+- [ ] **TODO** Submit build-tag to Mullvad build infra
+- [ ] Ensure builders have matching builds
</details>
@@ -123,6 +129,10 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE
<details>
<summary>email template</summary>
+ Subject:
+ Tor Browser $(TOR_BROWSER_VERION) (Android, Windows, macOS, Linux)
+
+ Body:
Hello All,
Unsigned Tor Browser $(TOR_BROWSER_VERSION) release candidate builds are now available for testing:
@@ -131,36 +141,31 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE
The full changelog can be found here:
- - https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/raw/maint-12.0/projects/browser/Bundle-Data/Docs/ChangeLog.txt
+ - https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/blob/$(TBB_BUILD_TAG)/ChangeLog.txt
</details>
- [ ] Email tor-qa mailing list: tor-qa at lists.torproject.org
- - Additional information:
+ - ***(Optional)*** Additional information:
- [ ] Note any new functionality which needs testing
- [ ] Link to any known issues
-- [ ] Email downstream consumers:
+- [ ] Email packagers:
- Recipients:
- Tails dev mailing list: tails-dev at boum.org
- Guardian Project: nathan at guardianproject.info
- torbrowser-launcher: micah at micahflee.com
- FreeBSD port: freebsd at sysctl.cz <!-- Gitlab user maxfx -->
- OpenBSD port: caspar at schutijser.com <!-- Gitlab user cschutijser -->
- - [ ] Note any changes which may affect packaging/downstream integration
-- [ ] Email upstream stakeholders:
- - ***(Optional, after ESR migration)*** Cloudflare: ask-research at cloudflare.com
- - **NOTE** : We need to provide them with updated user agent string so they can update their internal machinery to prevent Tor Browser users from getting so many CAPTCHAs
+ - [ ] ***(Optional)*** Note any changes which may affect packaging/downstream integration
</details>
<details>
<summary>Signing</summary>
-### signing + publishing
-- [ ] Ensure builders have matching builds
+### signing
+- **NOTE** : In practice, it's most efficient to have the blog post and website updates ready to merge, since signing doesn't take very long
- [ ] On `$(STAGING_SERVER)`, ensure updated:
- - [ ] `tor-browser-build/tools/signing/set-config`
- - `NSS_DB_DIR` : location of the `nssdb7` directory
- [ ] `tor-browser-build/tools/signing/set-config.hosts`
- `ssh_host_builder` : ssh hostname of machine with unsigned builds
- **NOTE** : `tor-browser-build` is expected to be in the `$HOME` directory)
@@ -180,14 +185,14 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE
- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050
- [ ] run do-all-signing script:
- `cd tor-browser-build/tools/signing/`
- - `./do-all-signing.sh`
+ - `./do-all-signing.torbrowser`
- **NOTE**: at this point the signed binaries should have been copied to `staticiforme`
- [ ] Update `staticiforme.torproject.org`:
- From `screen` session on `staticiforme.torproject.org`:
- [ ] Static update components : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org`
- [ ] Enable update responses : `sudo -u tb-release ./deploy_update_responses-release.sh`
- [ ] Remove old release data from following places:
- - **NOTE** : Skip this step if the current release is Android or Desktop *only*
+ - **NOTE** : Skip this step if we need to hold on to older versions for some reason (for example, this is an Andoid or Desktop-only release, or if we need to hold back installers in favor of build-to-build updates if there are signing issues, etc)
- [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser`
- [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser`
- [ ] Static update components (again) : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org`
@@ -241,7 +246,24 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE
- [ ] Publish after CI passes and website has been updated
### tor-announce mailing list
-- [ ] Send an email to tor-announce at lists.torproject.org, using the same content as the blog post and subject "Tor Browser $version is released".
+ <details>
+ <summary>email template</summary>
+
+ Subject:
+ New Release: Tor Browser $(TOR_BROWSER_VERSION) (Android, Windows, macOS, Linux)
+
+ Body:
+ Hi everyone,
+
+ Tor Browser $(TOR_BROWSER_VERSION) has now been published for all platforms. For details please see our blog post:
+
+ - $(BLOG_POST_URL)
+
+ </details>
+
+- [ ] Email tor-announce mailing list: tor-announce at lists.torproject.org
+ - **(Optional)** Additional information:
+ - [ ] Link to any known issues
</details>
=====================================
.gitlab/merge_request_templates/default.md
=====================================
@@ -2,20 +2,52 @@
<!-- Bookkeeping information for release management -->
-- ### Related Issues
- - tor-browser#xxxxx
- - tor-browser-build#xxxxx
- - etc
+### Related Issues
+- tor-browser#xxxxx
+- mullvad-browser#xxxxx
+- tor-browser-build#xxxxx
-- ### Backport Timeline
- - [ ] **Immediate** - patchsets for critical bug fixes or other major blocker (e.g. fixes for a 0-day exploit) OR patchsets with trivial changes which do not need testing (e.g. fixes for typos or fixes easily verified in a local developer build)
- - [ ] **Next Minor Stable Release** - patchset that needs to be verified in nightly before backport
- - [ ] **Eventually** - patchset that needs to be verified in alpha before backport
- - [ ] **No Backport** - patchset for the next major stable
+### Backporting
-- ### Issue Tracking
- - [ ] Link resolved issues with appropriate [Release Prep issue](https://gitlab.torproject.org/groups/tpo/applications/-/issues/?sort=updated_desc&state=opened&label_name%5B%5D=Release%20Prep&first_page_size=20) for changelog generation
+#### Timeline
+- [ ] **Immediate**: patchset needed as soon as possible
+- [ ] **Next Minor Stable Release**: patchset that needs to be verified in nightly before backport
+- [ ] **Eventually**: patchset that needs to be verified in alpha before backport
+- [ ] **No Backport (preferred)**: patchset for the next major stable
-## Change Description
+#### (Optional) Justification
+- [ ] **Emergency security update**: patchset fixes CVEs, 0-days, etc
+- [ ] **Censorship event**: patchset enables censorship circumvention
+- [ ] **Critical bug-fix**: patchset fixes a bug in core-functionality
+- [ ] **Consistency**: patchset which would make development easier if it were in both the alpha and release branches; developer tools, build system changes, etc
+- [ ] **Sponsor required**: patchset required for sponsor
+- [ ] **Other**: please explain
-<!-- Whatever context the reviewer needs to effectively review the patchset -->
\ No newline at end of file
+### Issue Tracking
+- [ ] Link resolved issues with appropriate [Release Prep issue](https://gitlab.torproject.org/groups/tpo/applications/-/issues/?sort=updated_desc&state=opened&label_name%5B%5D=Release%20Prep&first_page_size=20) for changelog generation
+
+### Review
+
+#### Request Reviewer
+
+- [ ] Request review from an applications developer depending on modified system:
+ - **NOTE**: if the MR modifies multiple areas, please `/cc` all the relevant reviewers (since gitlab only allows 1 reviewer)
+ - **accessibility** : henry
+ - **android** : dan
+ - **build system** : boklm
+ - **extensions** : ma1
+ - **firefox internals (XUL/JS/XPCOM)** : ma1
+ - **fonts** : pierov
+ - **frontend (implementation)** : henry
+ - **frontend (review)** : donuts, richard
+ - **localization** : henry, pierov
+ - **nightly builds** : boklm
+ - **rebases/release-prep** : dan_b, ma1, pierov, richard
+ - **security** : ma1
+ - **signing** : boklm, richard
+ - **updater** : pierov
+ - **misc/other** : pierov, richard
+
+#### Change Description
+
+<!-- Whatever context the reviewer needs to effectively review the patchset; if the patch includes UX updates be sure to include screenshots/video of how any new behaviour -->
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/1472747b909b2c9b3fe0ff0591aac85c55a460d7...82bb21877bcc8b3f772c8b6a78dbdf42835415b7
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/1472747b909b2c9b3fe0ff0591aac85c55a460d7...82bb21877bcc8b3f772c8b6a78dbdf42835415b7
You're receiving this email because of your account on gitlab.torproject.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tbb-commits/attachments/20230621/c3faa35a/attachment-0001.htm>
More information about the tbb-commits
mailing list