[tbb-commits] [Git][tpo/applications/tor-browser][base-browser-115.9.0esr-13.5-1] fixup! Adding issue and merge request templates
richard (@richard)
git at gitlab.torproject.org
Tue Apr 9 21:06:31 UTC 2024
richard pushed to branch base-browser-115.9.0esr-13.5-1 at The Tor Project / Applications / Tor Browser
Commits:
adc4563c by Richard Pospesel at 2024-04-09T21:06:19+00:00
fixup! Adding issue and merge request templates
add an issue template to guide emergency bug fixes
- - - - -
1 changed file:
- + .gitlab/issue_templates/Emergency Security Issue.md
Changes:
=====================================
.gitlab/issue_templates/Emergency Security Issue.md
=====================================
@@ -0,0 +1,90 @@
+**NOTE** This is an issue template to standardise our process for responding to and fixing critical security and privacy vulnerabilities, exploits, etc.
+
+## Information
+
+### Related Issue
+- tor-browser#AAAAA
+- mullvad-browser#BBBBB
+- tor-browser-build#CCCCC
+
+#### Affected Platforms
+
+- [ ] Android
+- [ ] Desktop
+ - [ ] Windows
+ - [ ] macOS
+ - [ ] Linux
+
+### Type of Issue: What are we dealing with?
+
+- [ ] Security (sandbox escape, remote code execution, etc)
+- [ ] Proxy Bypass (traffic contents becoming MITM'able)
+- [ ] De-Anonymization (otherwise identifying which website a user is visiting)
+- [ ] Cross-Site Linkability (correlating sessions across circuits and websites)
+- [ ] Disk Leak (persisting session information to disk)
+- [ ] Other (please explain)
+
+### Involvement: Who needs to be consulted and or involved to fix this?
+
+- [ ] Applications Developers
+ - [ ] **boklm** : build, packaging, signing, release
+ - [ ] **clairehurst** : Android, macOS
+ - [ ] **dan** : Android, macOS
+ - [ ] **henry** : accessibility, frontend, localisation
+ - [ ] **ma1** : firefox internals
+ - [ ] **pierov** : updater, fonts, localisation, general
+ - [ ] **richard** : signing, release
+ - [ ] **thorin** : fingerprinting
+- [ ] Other Engineering Teams
+ - [ ] Networking (**ahf**, **dgoulet**)
+ - [ ] Anti-Censorship (**meskio**, **cohosh**)
+ - [ ] UX (**donuts**)
+ - [ ] TPA (**anarcat**, **lavamind**)
+- [ ] External Tor Partners
+ - [ ] Mozilla
+ - [ ] Mullvad
+ - [ ] Brave
+ - [ ] Guardian Project (Orbot, Onion Browser)
+ - [ ] Tails
+ - [ ] Other (please list)
+
+### Urgency: When do we need to act?
+
+- [ ] **ASAP** :rotating_light: Emergency release :rotating_light:
+- [ ] Next scheduled stable
+- [ ] Next scheduled alpha, then backport to stable
+- [ ] Next major release
+- [ ] Other (please explain)
+
+#### Justification
+
+<!-- Provide some paragraph here justifying the logic behind our estimated urgency -->
+
+### Side-Effects: Who will be affected by a fix for this?
+Sometimes fixes have side-effects: users lose their data, roadmaps need to be adjusted, services have to be upgraded, etc. Please enumerate the known downstream consequences a fix to this issue will likely incur.
+- [ ] End-Users (please list)
+- [ ] Internal Partners (please list)
+- [ ] External Partners (please list)
+
+## Todo:
+
+### Communications
+
+- [ ] Start an initial email thread with the following people:
+ - [ ] **bella**
+ - [ ] Relevant Applications Developers
+ - [ ] **(Optional)** **micah**
+ - if there are considerations or asks outside the Applications Team
+ - [ ] **(Optional)** Other Team Leads
+ - if there are considerations or asks outside the Applications Team
+ - [ ] **(Optional)** **gazebook**
+ - if there are consequences to the organisation or partners beyond a browser update, then a communication plan may be needed
+
+/cc @bella
+/cc @ma1
+/cc @micah
+/cc @richard
+
+/confidential
+
+Godspeed! :pray:
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/adc4563cc73f12c4572c4c6cf9da5307d7978834
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/adc4563cc73f12c4572c4c6cf9da5307d7978834
You're receiving this email because of your account on gitlab.torproject.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tbb-commits/attachments/20240409/a7f4f00e/attachment-0001.htm>
More information about the tbb-commits
mailing list