Re: [tor-talk] TBB lags behind as Firefox ESR 10.0.6 is released
On Mon, Jul 23, 2012 at 9:17 AM, Robert Ransom wrote: > * How long will you wait for the QA process before making this > security-fix release available to users? fwiw; I have not received an email from Erinn about tor-0.2.2.37-2, which means our QA testers haven't heard about it either. -- Runa A. Sandvik ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] TBB lags behind as Firefox ESR 10.0.6 is released
On 7/21/12, Roger Dingledine wrote: > On Sat, Jul 21, 2012 at 08:09:42AM +0200, machine wrote: >> https://www.mozilla.org/en-US/firefox/organizations/all.html >> >> but there hasn't been any update yet for The Tor Browser Bundle, which >> has a Tor Browser version of 10.0.5. > > Yep. I believe TBB 2.2.37-2 is still in the QA process on our side. * Firefox 10.0.6 is a security-fix-only release. Why is Erinn putting it through a QA process? * What classes of problems can the QA process detect? Are these problems more severe or less severe than arbitrary remote code execution? * How long will you wait for the QA process before making this security-fix release available to users? * How long will you wait before removing the current stable release from the list of ‘recommended versions’ of TBB? Robert Ransom ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] TBB lags behind as Firefox ESR 10.0.6 is released
Hi, Roger Dingledine wrote (21 Jul 2012 15:54:22 GMT) : > the Tails people set up a forum, and I hear they hate it so much > that at this point they wish they had nothing rather than the one > they have. Well, not exactly, else we would just shut it down immediately :) But yeah, our current forum clearly did not scale well to its current usage rate, and we do want to replace it with something better: https://tails.boum.org/todo/improve_the_forum/ Cheers! ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] TBB lags behind as Firefox ESR 10.0.6 is released
On Sat, 21 Jul 2012 11:54:22 -0400, Roger Dingledine wrote: You'll be happy to know that we have plans to hire a QA/build automation person sometime in late 2012 or early 2013. The first 2012 hire shall make tor faster. The second 2012 hire shall reduce the number of bugs per release. Builds shall be automated to not involve humans, including nightlies. Every operating system on the globe can do this, why cannot tor? that is the purpose of a F0RUM, not another MAILING LIST used by the 1%. The 1% of what set of people? The Tails forum is a mess of conspiracy theorists and other maladjusted idiots. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] TBB lags behind as Firefox ESR 10.0.6 is released
On Sat, Jul 21, 2012 at 08:09:42AM +0200, machine wrote: > https://www.mozilla.org/en-US/firefox/organizations/all.html > > but there hasn't been any update yet for The Tor Browser Bundle, which > has a Tor Browser version of 10.0.5. Yep. I believe TBB 2.2.37-2 is still in the QA process on our side. We're still working on sorting out how to make our build-and-QA process not suck, since "put together a bundle and release it immediately" has resulted in recent problems too. You'll be happy to know that we have plans to hire a QA/build automation person sometime in late 2012 or early 2013. I'm afraid the ride will stay pretty bumpy until at least then. :/ > instead of working on stuff like this: > https://lists.torproject.org/pipermail/tor-reports/ > > they should create an official clear net discussion f0rum. > > "The idea is to share more with the community and give people a chance to > ask questions directly of the people doing the work." > > that is the purpose of a F0RUM, not another MAILING LIST used by the 1%. I think you misunderstand the rationale for setting up the tor-reports list. It wasn't that we said "I know, what the Tor community needs most is developers writing emails once a month!" These emails were _already_ getting written -- they were just going only to other developers. Now they're going to a broader audience too. As for a forum, I want a forum too. But we want to set one up that isn't worse than the current situation -- the Tails people set up a forum, and I hear they hate it so much that at this point they wish they had nothing rather than the one they have. You may like https://www.torproject.org/docs/faq#Forum as an alternative answer. Stay tuned (but if you're holding your breath, be prepared to hold it a while longer). --Roger ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] TBB lags behind as Firefox ESR 10.0.6 is released
https://www.mozilla.org/en-US/firefox/organizations/all.html but there hasn't been any update yet for The Tor Browser Bundle, which has a Tor Browser version of 10.0.5. - https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html Fixed in Firefox ESR 10.0.6 MFSA 2012-56 Code execution through javascript: URLs MFSA 2012-55 feed: URLs with an innerURI inherit security context of page MFSA 2012-54 Clickjacking of certificate warning page MFSA 2012-53 Content Security Policy 1.0 implementation errors cause data leakage MFSA 2012-52 JSDependentString::undepend string conversion results in memory corruption MFSA 2012-51 X-Frame-Options header ignored when duplicated MFSA 2012-49 Same-compartment Security Wrappers can be bypassed MFSA 2012-48 use-after-free in nsGlobalWindow::PageHidden MFSA 2012-47 Improper filtering of javascript in HTML feed-view MFSA 2012-46 XSS through data: URLs MFSA 2012-45 Spoofing issue with location MFSA 2012-44 Gecko memory corruption MFSA 2012-43 Incorrect URL displayed in addressbar through drag and drop MFSA 2012-42 Miscellaneous memory safety hazards (rv:14.0/ rv:10.0.6) 0ff T0pic: instead of working on stuff like this: https://lists.torproject.org/pipermail/tor-reports/ they should create an official clear net discussion f0rum. "The idea is to share more with the community and give people a chance to ask questions directly of the people doing the work." that is the purpose of a F0RUM, not another MAILING LIST used by the 1%. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk