[tbb-dev] Tor Browser version strategy

Mike Perry mikeperry at torproject.org
Mon Mar 24 20:10:08 UTC 2014 

Mark Smith:
> On 3/24/14, 8:59 AM, Lunar wrote:
> >Mark Smith:
> >>Radical proposal of the day:  Can we use the Firefox major version number in
> >>the Tor Browser version?  This would mean that TBB versions would be 24.0,
> >>24.1, 24.1.1, etc.
> >
> >How would you support what is currently out there: Tor Browser 3.5.3 as
> >the stable branch and Tor Browser 3.6-beta-1 as the beta branch? Both
> >are based on 24.4.0esr.
> 
> This is a good question.
> 
> We do not need to exactly match the Firefox version numbers; I think
> just using the major revision number in our TBB version numbers
> would be sufficient for us to avoid the need to patch Firefox's
> updater code. But we would need to come up with a way to partition
> the version number space, e.g.,
> 
> Stable: 24.0, 24.0.1, 24.0.2, ...
> Beta:   24.1b1, 24.1b2, 24.1b3, ...
> 
> The problem with this is that it will be confusing to have a 24.1b1
> Tor Browser that is based on Firefox 24.4.0esr.  The only thing
> people could assume is that the first portion of the Tor Browser
> number matches the first portion of the Firefox version.  But they
> might tend to assume more of a relationship since our version
> numbers would so closely resemble Firefox's.
> 
> I am not sure how many people look closely at version numbers
> though. Most people just care that a higher version number implies
> newer software.

Is there a reason why we need to use their exact version numbers? What
if we just formatted and stored existing TBB versions in the same way
that Firefox does?

We would need version update patches for each TBB release to get applied
to the corresponding tor-browser.git branch/tag we use, but that isn't
terribly hard.

As for changes to the updater that Mozilla would want: We do want to do
some analysis and work to harden the updater against the attacks
enumerated by the TUF/Thandy literature. Mozilla has done some of this
work, but we probably will want to make some more changes. Making our
Tor Browser specific changes as minimal as possible will make this easier.

-- 
Mike Perry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tbb-dev/attachments/20140324/270a364b/attachment.sig>

More information about the tbb-dev mailing list