Re: [Tails-dev] Timing of the move to FF24

Delete this message

Reply to this message
Author: intrigeri
Date:  
To: Mike Perry
CC: tails-dev
Subject: Re: [Tails-dev] Timing of the move to FF24
Hi Mike,

thanks for this prompt answer, and tons of useful information.
This is very helpful.

I'll try to play with Torbutton 1.6 (and possibly the launcher in
disabled mode) ASAP. I hope we won't have to bug you too much :)

More below.

Mike Perry wrote (25 Sep 2013 02:37:38 GMT) :
> You can also try including Tor Launcher in with
> extensions.torlauncher.start_tor set to false, but it still may
> complain if you don't set the TOR_CONTROL_PORT and
> TOR_CONTROL_PASSWD env vars anyway.


We set:

TOR_CONTROL_COOKIE_AUTH_FILE='/var/run/tor/control.authcookie'
TOR_CONTROL_HOST='127.0.0.1'
TOR_CONTROL_PORT='9051'

Good enough?

(Well, "good" is perhaps not the right word, since it means that
arbitrary code exec in FF => "real" IP disclosure, for some classes of
attackers. We've in mind to insert a filtering proxy in front of the
control port at some point, but we're not there yet. Whonix has
something like this.)

> Do you have a schedule link for the ESR release date btw? I can't find
> the release calendar I used to have.


The ESR overview [1] says that we are given 2 cycles of overlap with
both FF17 and FF24 being supported. We're now in the first such cycle.
FF24 was out on week 38, so FF17 will be EOL'd on week 50
(December 10). The Release page [2] on Mozilla wiki is also
quite useful.

[1] https://www.mozilla.org/en-US/firefox/organizations/faq/
[2] https://wiki.mozilla.org/Releases

Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc