[tor-commits] [Git][tpo/applications/tor-browser][base-browser-115.9.0esr-13.5-1] fixup! Adding issue and merge request templates

richard (@richard) git at gitlab.torproject.org
Tue Apr 9 21:06:31 UTC 2024

richard pushed to branch base-browser-115.9.0esr-13.5-1 at The Tor Project / Applications / Tor Browser

adc4563c by Richard Pospesel at 2024-04-09T21:06:19+00:00
fixup! Adding issue and merge request templates

add an issue template to guide emergency bug fixes

- - - - -

1 changed file:

- + .gitlab/issue_templates/Emergency Security Issue.md


.gitlab/issue_templates/Emergency Security Issue.md
@@ -0,0 +1,90 @@
+**NOTE** This is an issue template to standardise our process for responding to and fixing critical security and privacy vulnerabilities, exploits, etc.
+## Information
+### Related Issue
+- tor-browser#AAAAA
+- mullvad-browser#BBBBB
+- tor-browser-build#CCCCC
+#### Affected Platforms
+- [ ] Android
+- [ ] Desktop
+  - [ ] Windows
+  - [ ] macOS
+  - [ ] Linux
+### Type of Issue: What are we dealing with?
+- [ ] Security (sandbox escape, remote code execution, etc)
+- [ ] Proxy Bypass (traffic contents becoming MITM'able)
+- [ ] De-Anonymization (otherwise identifying which website a user is visiting)
+- [ ] Cross-Site Linkability (correlating sessions across circuits and websites)
+- [ ] Disk Leak (persisting session information to disk)
+- [ ] Other (please explain)
+### Involvement: Who needs to be consulted and or involved to fix this?
+- [ ] Applications Developers
+  - [ ] **boklm** : build, packaging, signing, release
+  - [ ] **clairehurst** : Android, macOS
+  - [ ] **dan** : Android, macOS
+  - [ ] **henry** : accessibility, frontend, localisation
+  - [ ] **ma1** : firefox internals
+  - [ ] **pierov** : updater, fonts, localisation, general
+  - [ ] **richard** : signing, release
+  - [ ] **thorin** : fingerprinting
+- [ ] Other Engineering Teams
+  - [ ] Networking (**ahf**, **dgoulet**)
+  - [ ] Anti-Censorship (**meskio**, **cohosh**)
+  - [ ] UX (**donuts**)
+  - [ ] TPA (**anarcat**, **lavamind**)
+- [ ] External Tor Partners
+  - [ ] Mozilla
+  - [ ] Mullvad
+  - [ ] Brave
+  - [ ] Guardian Project (Orbot, Onion Browser)
+  - [ ] Tails
+  - [ ] Other (please list)
+### Urgency: When do we need to act?
+- [ ] **ASAP** :rotating_light: Emergency release :rotating_light:
+- [ ] Next scheduled stable
+- [ ] Next scheduled alpha, then backport to stable
+- [ ] Next major release
+- [ ] Other (please explain)
+#### Justification
+<!-- Provide some paragraph here justifying the logic behind our estimated urgency -->
+### Side-Effects: Who will be affected by a fix for this?
+Sometimes fixes have side-effects: users lose their data, roadmaps need to be adjusted, services have to be upgraded, etc. Please enumerate the known downstream consequences a fix to this issue will likely incur.
+- [ ] End-Users (please list)
+- [ ] Internal Partners (please list)
+- [ ] External Partners (please list)
+## Todo:
+### Communications
+- [ ] Start an initial email thread with the following people:
+  - [ ] **bella**
+  - [ ] Relevant Applications Developers
+  - [ ] **(Optional)** **micah**
+    - if there are considerations or asks outside the Applications Team
+  - [ ] **(Optional)** Other Team Leads
+    - if there are considerations or asks outside the Applications Team
+  - [ ] **(Optional)** **gazebook**
+    - if there are consequences to the organisation or partners beyond a browser update, then a communication plan may be needed
+/cc @bella
+/cc @ma1
+/cc @micah
+/cc @richard
+Godspeed! :pray:

View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/adc4563cc73f12c4572c4c6cf9da5307d7978834

View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/adc4563cc73f12c4572c4c6cf9da5307d7978834
You're receiving this email because of your account on gitlab.torproject.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-commits/attachments/20240409/96f07a9d/attachment-0001.htm>

More information about the tor-commits mailing list