Tor Messenger Release Process (#17455)

  • Bump the version of Tor Messenger in rbm.conf
  • Ensure the HEAD on the build machines matches the master of the tor-messenger-build repository.
  • Run make tor-messenger-release. The builds will be in release/$VERSION directory, along with the sha256sums.txt file.
  • Compare the Linux build hashes (reproducible) with one other person, preferably building on a different machine.
  • Test builds on all platforms:
    • Create at least one XMPP account and make sure in-band works and the account connects.
    • Initiate an OTR conversation with another instance. Verify the various authentication mechanisms.
    • Check "Error Console" for errors, warnings or messages and try to fix them.
  • Sign the sha256sums.txt file (gpg -abs). Currently the builds are signed with the 0xB297B391 key.
  • Note about add-ons update: add-ons will only be updated if the version in install.rdf has changed. So for example for ctypes-otr, make sure if there are changes to be updated that the version number is bumped.
  • Tag the release (git tag -s v$VERSION -m 'version $VERSION'). Before pushing tag, make sure HEAD adds the date to the changelog and is not some other commit. Push tag to
  • Upload the signed builds to
  • Upload the builds to so that they have time to calm down with false positive reports. (See #17454)
  • Increment the version number and update the links on
  • Publish the blog post
  • Email to tor-announce
Last modified 3 years ago Last modified on Nov 22, 2016, 10:54:04 AM