Re: [Tails-dev] Logjam: Tor Browser 4.5.2, and... Tails 1.4.…

This message is part of the following thread:
Mthe complete thread tree sorted by date
M\intrigeri at <-
MMMkytv at ->
Delete this message

Reply to this message
Author: sajolida
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Logjam: Tor Browser 4.5.2, and... Tails 1.4.x?
intrigeri:
> the Tor Browser dev team is preparing a 4.5.2 release to fix Logjam.
> GeKo tells me that "the fix for ESR landed last week but mozilla does
> not deem that important enough to make a chemspill" and "so we
> basically cherry-picked the patches only".

So Mozilla didn't bother to fix it as an emergency, but TBB does. Do we
know more about the motivations of Firefox and TBB to decide that? Does
this attack has some special power in the context of TBB?

> Has anyone here a strong opinion wrt. putting out an emergency Tails
> 1.4.x release? What are you folks motivation and availability to make
> it happen?

No strong opinion, but not really available either :(

I don't feel qualified enough to judge the importance of that bug...

Regarding our schedule 1.4.1 is planned to be release on June 30 (25
days from now). The vulnerability has been announed on May 20 (16 days
ago). When would 1.4.X be released? During how many days would this
emergency be used?

--
sajolida

This message was posted to the following mailing lists:
tails-dev
Mailing List Info | Nearby Messages		<-Re: [Tails-dev] [review'n'merge:1.4.1] bugfix/9406-jenkins-build-in-clean-gitRe: [Tails-dev] Logjam: Tor Browser 4.5.2, and... Tails 1.4.x?->
lists.autistici.org administrated by postmasterLurker (version 2.3)