Re: [Tails-dev] Should we delay Tails 3.2? [Was: Tor Browser…

Delete this message

Reply to this message
Autore: Sylvestre Ledru
Data:  
To: anonym, The Tails public development discussion list
CC: gebura, ludovic, discussion regarding Tor Browser Bundle development, carlix, arroway
Oggetto: Re: [Tails-dev] Should we delay Tails 3.2? [Was: Tor Browser release is postponed by two days]
Hello team,

I don't recommend that you ship before us. We do take last minutes patches. Some of them, you won't care (example: Windows accessibility support) but
some others, you might (privacy issue or security fixes).
So, if you want us to 0-day you (and clearly, we don't want to do that to you ;), you should really wait until we ship officially.

Cheers,
Sylvestre


Le 27/09/2017 à 00:15, anonym a écrit :
> Hi, Mozilla folks!
>
> Geb told me you might be able to answer whether Mozilla cares if a Firefox downstream would release something based on Firefox ESR 52.4 earlier than you (or that you might be able to forward it to the right channel within Mozilla). For details and the full context, see the quoted parts below!
>
> Cheers!
>
> anonym:
>> Georg Koppen:
>>> Hi,
>>>
>>> Just to inform you about things we learned a couple of minutes ago: the
>>> Firefox release is due on Thursday. It got postponed by two days mainly
>>> to give 57 beta more publicity.
>>>
>>> We'll follow and release Tor Browser on Thursday as well.
>> Got it! It makes sense for you Tor Browser folks, since the Firefox security issues fixed in ESR 52.3 are not publicly known yet (at least in theory, but the code changes have been out for a week so they can have been reverse-engineered).
>>
>> But what about Tails? Tails 3.2, which is ready to be published right now, would fix several publicly known security issues for our users, including some potential RCEs (Thunderbird, libsoup, ...). Of course, some of these issues have been out for weeks already, so what's two more days of delay? Still, it makes me want to remember/re-evaluate *why* we always wait on Mozilla.
>>
>> What are your feelings around this? What are the arguments for/against releasing early?
>>
>> TBH this has always seemed odd to me. I remember argument for this being about us behaving like good Free Software community members by coordinating releases. I wonder if they really care, especially given our users' position. So, let's ask them!
>>
>> Tor Browser folks, would you care if we released Tails 3.2 right now, so we in effect release Tor Browser 7.0.6 way before you? What do you feel about this in general?
>>
>> As for asking Mozilla, I'm not even sure who/where to ask. Does any one have a clue?
>>
>> Cheers!