anonym: > Georg Koppen: >> Hi, >> >> Just to inform you about things we learned a couple of minutes ago: the >> Firefox release is due on Thursday. It got postponed by two days mainly >> to give 57 beta more publicity. >> >> We'll follow and release Tor Browser on Thursday as well. > > Got it! It makes sense for you Tor Browser folks, since the Firefox security > issues fixed in ESR 52.3 are not publicly known yet (at least in theory, but > the code changes have been out for a week so they can have been > reverse-engineered). > > But what about Tails? Tails 3.2, which is ready to be published right now, > would fix several publicly known security issues for our users, including > some potential RCEs (Thunderbird, libsoup, ...). Of course, some of these > issues have been out for weeks already, so what's two more days of delay? > Still, it makes me want to remember/re-evaluate *why* we always wait on > Mozilla. > > What are your feelings around this? What are the arguments for/against > releasing early?
Not sure what you mean with "early", probably not as soon as one critical security bugfix lands on the esr52 branch (because there are many :) ). Releasing once candidate build1 is done then? It sometimes happens that additional changes get pushed and a buildN is done or that some of the patches need to get backed out due to issues Mozilla found during their Q&A. I guess you don't want that risk either? > TBH this has always seemed odd to me. I remember argument for this being > about us behaving like good Free Software community members by coordinating > releases. I wonder if they really care, especially given our users' position. > So, let's ask them! I don't know whether they care but that argument has some weight for me at least. > Tor Browser folks, would you care if we released Tails 3.2 right now, so we > in effect release Tor Browser 7.0.6 way before you? What do you feel about > this in general? Fine with me. Georg > As for asking Mozilla, I'm not even sure who/where to ask. Does any one have > a clue? > > Cheers! >
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.