TBB 2.3.12-alpha-2-* is unsafe, but still recommended

Once again, the ‘current’ alpha TBB isn't current enough.

added component::applications/tor bundles/installation owner::erinn priority::immediate resolution::fixed severity::normal status::closed type::defect labels

I think that's somewhat expected. Probably, we should turn off the version check in alpha tbb and instead just say "this is alpha, possibly outdated, more buggy, bla" so we stop running into this trouble.

How close are we to being able to trigger TBB alpha builds when we trigger new builds? In theory it should just be more computing time and more bytes to transfer afterwards, yes?

If our TBB-with-Tor-alpha builds are going to commonly ship with known-insecure Firefoxes, that seems like a poor plan.

(Insert plug for TBB nightlies here.)

Replying to arma:

How close are we to being able to trigger TBB alpha builds when we trigger new builds? In theory it should just be more computing time and more bytes to transfer afterwards, yes?

Yes. Except we still have disk space issues on the VMs, and there was some fuckup where the build improvements for TBB only got applied to the stable branch. This is being reworked atm so that it'll be easier, and when we then have the diskspace we should be able to build new TBBs more rapidly. Still, it is conceivable that it takes a while to adapt Torbutton to the new Firefox release, and that mike will prioritize something else before getting a new alpha out, etc.

If our TBB-with-Tor-alpha builds are going to commonly ship with known-insecure Firefoxes, that seems like a poor plan.

(Insert plug for TBB nightlies here.)

Yup. Nightlies will come, but that wants even more diskspace, and it also won't auto-upgrade to latest firefox, because firefox nightlies break everyday and we won't keep up with them. For the other components, that'll be included.

This package has been known to be remotely exploitable for over a month. Unrecommend it.

Trac:
Priority: major to blocker

We should have put up a blog post and/or written an email to tor-talk about this a long time ago. Until today, I didn't know that TBB 2.3.12-alpha-2-* was unsafe.

What's the holdup about changing the recommended version in the git repo? We really should not let those users stay on an unsafe version.

Unless we can get the next TBB out last week, we should just remove the 2.3.x versions from the recommended list.

Trac:
0001-Unrecommend-the-2.3.12-alpha-versions.patch

See attached patch; is there any reason we can't just apply that?

I think it would be smart to apply it.

Hopefully in a few days we'll learn from Erinn what we can do to help her (or somebody else) make 0.2.3 packages in a more consistent way.

I NEED to use the 2.3 branch because I'm located in China. 2.2 is blocked here. tor-browser-2.3.19-alpha-1_en-US was a disaster. tor-browser-2.3.20 is also causing me lots of problems. Can you please release a 2.3 that is based off of more stable code for us in stuck here China?

Trac:
Username: slacka

Replying to slacka:

I NEED to use the 2.3 branch because I'm located in China. 2.2 is blocked here. tor-browser-2.3.19-alpha-1_en-US was a disaster. tor-browser-2.3.20 is also causing me lots of problems. Can you please release a 2.3 that is based off of more stable code for us in stuck here China?

This is probably the wrong ticket. Also, the 2.3.20 bundle is supposed to be pretty good. If it has specific bugs, please open tickets for them.

I'm closing this since the alpha bundles are now being regularly updated.

Trac:
Status: new to closed
Resolution: N/A to fixed

Set all tickets without a severity to "Normal"

Trac:
Severity: N/A to Normal

closed

mentioned in issue #6190 (moved)