[tbb-dev] Tor Browser version strategy

Georg Koppen gk at torproject.org
Mon Mar 24 20:45:07 UTC 2014

Mark Smith:
> On 3/24/14, 8:49 AM, Georg Koppen wrote:
>> while that is true, would Mozilla have a need to modify its Firefox
>> updater at all and should it? I mean, we only patch the updater as not
>> all our other Tor Browser patches are merged upstream yet. So, I expect
>> Mozilla to say: "Look, neither you nor we need that modified updater as
>> it only exists due to all your other fixes not being upstreamed. Let's
>> fix the latter then." And this position is quite reasonable IMO.
>> Especially as they have to deal with the Tor Project related updater
>> code if there is some time in the future where all our patches are
>> indeed merged upstream (Granted, that will still take quite some time
>> :).).
> Are you saying that if/when all of our Firefox patches have been merged
> upstream, we can just ship Firefox as part of TBB?  That may be true,

Or just ship tor and related stuff as it has been before the decision
was made to manage an own browser.

> but if we plan to continue to ship a bundle that includes tor, the PTs,
> etc. then we will still need a way to update the entire bundle.

That is true. But there would be other options if that would actually be
needed then (like Thandy).

Don't get me wrong, if Mozilla is taking our patches we should
definitely go for it. And if making them as simple as possible helps,
even better. I just wanted to point out that relying on the Mozilla
argument seemed not particularly strong to me as not getting the updater
patch merged is not as important compared to the other patches we have
(from a privacy/anon perspective): We could deploy a vanilla Firefox
without the updater patch (and use e.g. Thandy or don't ship bundles
with Firefox anymore) but not without one of the privacy/anon related ones.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tbb-dev/attachments/20140324/caad3b9a/attachment.sig>

More information about the tbb-dev mailing list