We have a new signing key which results in a new ID on the token.

We add instructions covering our signing procedures

boklm authored Jun 06, 2017 and Georg Koppen committed Jun 07, 2017

Change update_2 to update_3, and use aus1.tpo instead of dist.tpo.

iSEC suggested to diff the preference files of a vanilla Firefox ESR and
the Tor Browser one to catch issues that might have fallen through the
cracks during the feature review.

We use the tor-announce mailing list to get more users notified when
when a new stable release is getting out

Still XPCOM remains, but that is relatively lower risk.

Thanks to a cypherpunk who suggested looking for missing intermediate
certificates. And thanks to a second cypherpunk (who might be the same
as the first one) for preparing a patch.

We set an expiry date of 5 years in the future for the certification
key and 2 years for subkeys.

The GENERAL document contains notes about a new procedure for reviewing
new features in Firefox releases for the next ESR Tor Browser will be
based on. The document is named GENERAL as we might want to describe
other parts of the audit process at some point, too, making this a proper
documentation of the audit process itself.

Also add a step to verify gpg sigs on mirror transfer.

Still need to finish XPCOM socket auditing.

Also some minor tweaks and updates.