anonym:
Georg Koppen:
Hi,
Just to inform you about things we learned a couple of minutes ago: the Firefox release is due on Thursday. It got postponed by two days mainly to give 57 beta more publicity.
We'll follow and release Tor Browser on Thursday as well.
Got it! It makes sense for you Tor Browser folks, since the Firefox security issues fixed in ESR 52.3 are not publicly known yet (at least in theory, but the code changes have been out for a week so they can have been reverse-engineered).
But what about Tails? Tails 3.2, which is ready to be published right now, would fix several publicly known security issues for our users, including some potential RCEs (Thunderbird, libsoup, ...). Of course, some of these issues have been out for weeks already, so what's two more days of delay? Still, it makes me want to remember/re-evaluate *why* we always wait on Mozilla.
What are your feelings around this? What are the arguments for/against releasing early?
Not sure what you mean with "early", probably not as soon as one critical security bugfix lands on the esr52 branch (because there are many :) ). Releasing once candidate build1 is done then? It sometimes happens that additional changes get pushed and a buildN is done or that some of the patches need to get backed out due to issues Mozilla found during their Q&A. I guess you don't want that risk either?
TBH this has always seemed odd to me. I remember argument for this being about us behaving like good Free Software community members by coordinating releases. I wonder if they really care, especially given our users' position. So, let's ask them!
I don't know whether they care but that argument has some weight for me at least.
Tor Browser folks, would you care if we released Tails 3.2 right now, so we in effect release Tor Browser 7.0.6 way before you? What do you feel about this in general?
Fine with me.
Georg
As for asking Mozilla, I'm not even sure who/where to ask. Does any one have a clue?
Cheers!