[tbb-dev] sandboxed-tor-browser and TBB 7.5a5.

Georg Koppen gk at torproject.org
Fri Sep 29 08:44:00 UTC 2017

Yawning Angel:
> On Fri, 29 Sep 2017 06:01:00 +0000
> Georg Koppen <gk at torproject.org> wrote:
>> Roger Dingledine:
>>> On Fri, Sep 29, 2017 at 04:59:46AM +0000, Yawning Angel wrote:  
>>>> Don't know.  Depends on if people expect the alpha channel to be
>>>> usable or not.  
>> Well, I think assuming issues is okay but we should not leave it
>> broken. Yawning, could you tag a new release? Then we can build a new
>> sandboxed-tor-browser and put that out. Just falling back to an older
>> version won't help.
> Done.
>>> It is true that the right thing for the Tor Browser team to do now
>>> is either to take down the alpha sandbox, because it is known to
>>> not work at all, or to put up a new updated one.
>>> Leaving the current one in place is not among the reasonable
>>> options. :)  
>> I tend to agree although I think we should avoid just taking it down
>> as it is not totally broken in the sense that choosing any option
>> would result in a non-working browser.
> I mean, the stable channel works, which is what people should be using
> anyway, and it's not the first time that "oh, alpha is broken, and will
> be for a while" cropped up, so it could be left as is, though now that
> I tagged, if someone wants to rebuild they can.

Okay. The next alpha will be out in less than three weeks. Maybe that's
enough and we point the sandbox alpha users (which run an experimental
software in an experiemental sandbox) to the stable series?

However, the bug seems to be due to content sandboxing enabled (if I see
that right) and my plan was to just ship the stable Linux series with
that enabled in about three weeks if nothing explodes. That would leave
sandboxed-tor-browser users on the stable series with the same
experience with no way upgrading to 0.0.14 before 7.0.7 gets out. We
might want to avoid that.

> Constructive(?) suggestions for long term solutions:
>  * I've said previously what I think should happen so that everyone
>    gets the sandbox.  Doing so would remove this as a separate
>    component, with a "new and improved" launcher also handling
>    sandboxing duties.  The QA situation presumably will be better
>    in this sort of world, because breaking bugs will render the browser
>    non-functional.

I am a fan. We just need to think how we get there.

>  * Decouple the sandboxed-tor-browser build/release from the alpha
>    builds, so that the sandbox can be released after it's known to
>    actually work with each new stable/alpha release.

We could think about that one, too. Although I would rather have a way
to test those releases in sandboxed-tor-browser beforehand than adding
complexity to our release process.


>  * (All other options involve varying degrees of "keep doing
>     what we're doing now" and "give up on things".  Not really a
>     suggestion, more of an indication of what's likely.)
> Regards,
> _______________________________________________
> tbb-dev mailing list
> tbb-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tbb-dev

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tbb-dev/attachments/20170929/8ed7aa07/attachment.sig>

More information about the tbb-dev mailing list