Commit bbfaec38 authored by Gaba :flag_ps: Committed by Beatriz Rizental

Adding issue and merge request templates

parent 2fe6ba7e
1 merge request: !1507 Rebase Tor Browser onto 136.0a1
<!--
Title:
Backport tor-browser#12345: Title of Issue
Backport Bugzilla 1234567: Title of Issue
This is an issue for tracking back-porting a patch-set (e.g. from Alpha to Stable or from Mozilla Rapid-Release to Alpha)
-->
## Backport Patchset
### Book-keeping
#### Issue(s)
- tor-browser#12345
- mullvad-browser#123
- https://bugzilla.mozilla.org/show_bug.cgi?id=1234567
#### Merge Request(s)
- tor-browser!123
#### Target Channels
- [ ] Alpha
- [ ] Stable
- [ ] Legacy
### Notes
<!-- whatever additional info, context, etc that would be helpful for backporting -->
/label ~"Apps::Type::Backport"
**NOTE** This is an issue template to standardise our process for responding to and fixing critical security and privacy vulnerabilities, exploits, etc.
## Information
### Related Issue
- tor-browser#AAAAA
- mullvad-browser#BBBBB
- tor-browser-build#CCCCC
#### Affected Platforms
- [ ] Android
- [ ] Desktop
- [ ] Windows
- [ ] macOS
- [ ] Linux
### Type of Issue: What are we dealing with?
- [ ] Security (sandbox escape, remote code execution, etc)
- [ ] Proxy Bypass (traffic contents becoming MITM'able)
- [ ] De-Anonymization (otherwise identifying which website a user is visiting)
- [ ] Cross-Site Linkability (correlating sessions across circuits and websites)
- [ ] Disk Leak (persisting session information to disk)
- [ ] Other (please explain)
### Involvement: Who needs to be consulted and or involved to fix this?
- [ ] Applications Developers
- [ ] **boklm** : build, packaging, signing, release
- [ ] **clairehurst** : Android, macOS
- [ ] **dan** : Android, macOS
- [ ] **henry** : accessibility, frontend, localisation
- [ ] **ma1** : firefox internals
- [ ] **pierov** : updater, fonts, localisation, general
- [ ] **richard** : signing, release
- [ ] **thorin** : fingerprinting
- [ ] Other Engineering Teams
- [ ] Networking (**ahf**, **dgoulet**)
- [ ] Anti-Censorship (**meskio**, **cohosh**)
- [ ] UX (**donuts**)
- [ ] TPA (**anarcat**, **lavamind**)
- [ ] External Tor Partners
- [ ] Mozilla
- [ ] Mullvad
- [ ] Brave
- [ ] Guardian Project (Orbot, Onion Browser)
- [ ] Tails
- [ ] Other (please list)
### Urgency: When do we need to act?
- [ ] **ASAP** :rotating_light: Emergency release :rotating_light:
- [ ] Next scheduled stable
- [ ] Next scheduled alpha, then backport to stable
- [ ] Next major release
- [ ] Other (please explain)
#### Justification
<!-- Provide some paragraph here justifying the logic behind our estimated urgency -->
### Side-Effects: Who will be affected by a fix for this?
Sometimes fixes have side-effects: users lose their data, roadmaps need to be adjusted, services have to be upgraded, etc. Please enumerate the known downstream consequences a fix to this issue will likely incur.
- [ ] End-Users (please list)
- [ ] Internal Partners (please list)
- [ ] External Partners (please list)
## Todo:
### Communications
- [ ] Start an initial email thread with the following people:
- [ ] **bella**
- [ ] Relevant Applications Developers
- [ ] **(Optional)** **micah**
- if there are considerations or asks outside the Applications Team
- [ ] **(Optional)** Other Team Leads
- if there are considerations or asks outside the Applications Team
- [ ] **(Optional)** **gazebook**
- if there are consequences to the organisation or partners beyond a browser update, then a communication plan may be needed
/cc @bella
/cc @ma1
/cc @micah
/cc @richard
/confidential
Godspeed! :pray:
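Review bot: The Involvement checklist and the trailing /cc lines name individuals, and they already disagree with the merge request template added in this same commit. This template lists richard for "signing, release" and ends with "/cc @richard", while the merge request template lists "boklm, morgan" for signing and "jwilde, ma1" for security, and neither jwilde nor morgan appears anywhere here. Please reconcile the two rosters, or keep the roster in one place and link to it from both templates, since this is the list people will follow during an emergency release. Separately, "#### Affected Platforms" is one level deeper than its sibling sections, so it nests under "### Related Issue"; it probably wants to be "###".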
Manual QA test check-list for major android releases. Please copy/paste form into your own comment, fill out relevant info and run through the checklist!
<details>
<summary>Tor Browser Android QA Checklist</summary>
```markdown
# System Information
- Version: Tor Browser XXX
- OS: Android YYY
- Device + CPU Architecture: ZZZ
# Features
## Base functionality
- [ ] Tor Browser launches successfully
- [ ] Connects to the Tor network
- [ ] Localisation (Browser chrome)
- [ ] Check especially the recently added strings
- [ ] Toolbars and menus work
- [ ] Fingerprinting resistance: https://arkenfox.github.io/TZP/tzp.html
- [ ] Security level (Standard, Safer, Safest)
- **TODO**: test pages verifying correct behaviour
## Proxy safety
- [ ] Tor exit test: https://check.torproject.org
- [ ] Circuit isolation
- Following websites should all report different IP addresses
- https://ifconfig.io
- https://myip.wtf
- https://wtfismyip.com
- [ ] DNS leaks: https://dnsleaktest.com
## Connectivity + Anti-Censorship
- [ ] Bridges:
- Bootstrap
- Browse: https://check.torproject.org
- [ ] Default bridges:
- [ ] obfs4
- [ ] meek
- [ ] snowflake
- [ ] User provided bridges:
- [ ] obfs4 from https://bridges.torproject.org
- [ ] webtunnel from https://bridges.torproject.org
- [ ] conjure from [gitlab](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conjure/-/blob/main/client/torrc?ref_type=heads#L6)
## Web Browsing
- [ ] HTTPS-Only: http://http.badssl.com
- [ ] .onion:
- [ ] torproject.org onion: http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion/
- [ ] Onion service errors
- [ ] invalid onion: http://invalid.onion
- [ ] onion offline: http://wfdn32ds656ycma5gvrh7duvdvxbg2ygzr3no3ijsya25qm6nnko4iqd.onion/
- [ ] onion baddssl: https://gitlab.torproject.org/tpo/applications/team/-/wikis/Development-Information/BadSSL-But-Onion
- **TODO** all the identity block states
- **TODO** client auth
- [ ] **TODO**: .securedrop.tor.onion
- [ ] **TODO**: onion-service alt-svc
- [ ] HTML5 Video: https://tekeye.uk/html/html5-video-test-page
- [ ] MPEG4
- [ ] WebM
- [ ] Ogg
- [ ] WebSocket Test: https://websocketking.com/
## External Components
- [ ] NoScript
- [ ] Latest Version: https://addons.mozilla.org/en-US/firefox/addon/noscript/
- [ ] Not removable from about:addons
- [ ] Tests: https://test-data.tbb.torproject.org/test-data/noscript/
- **TODO**: fix test pages
```
</details>
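Review bot: The conjure item under "User provided bridges" links to a line anchor on a moving branch ("blob/main/client/torrc?ref_type=heads#L6"), so the bridge line a tester lands on will change whenever that file is edited. Suggest linking to the file without the "#L6" anchor, or to a permalink at a fixed commit, and saying which line to copy. There is also a typo in "onion baddssl" under "Onion service errors" (the linked wiki page spells it BadSSL).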
Manual QA test check-list for major desktop releases. Please copy/paste form into your own comment, fill out relevant info and run through the checklist!
<details>
<summary>Tor Browser Desktop QA Checklist</summary>
```markdown
# System Information
- Version: Tor Browser XXX
- OS: Windows|macOS|Linux YYY
- CPU Architecture:
- Profile: New|Old
# Features
## Base functionality
- [ ] Tor Browser launches successfully
- [ ] Connects to the Tor network
- [ ] Homepage loads:
- [ ] about:tor
- [ ] about:blank
- [ ] custom
- [ ] Tor Browser loads URLs passed by command-line after bootstrapped
- [ ] Localisation (Browser chrome)
- [ ] Language notification/message bar
- [ ] Spoof English
- [ ] Check especially the recently added strings
- [ ] UI Customisations:
- [ ] New Identity
- [ ] Toolbar icon
- [ ] Hamburger menu
- [ ] File menu
- [ ] New circuit for this site
- [ ] Circuit display
- [ ] Hamburger menu
- [ ] File menu
- [ ] No Firefox extras (Sync, Pocket, Report broken site, Tracking protection, etc)
- [ ] No unified extensions button (puzzle piece)
- [ ] NoScript button hidden
- [ ] Context Menu Populated
- [ ] Fingerprinting resistance: https://arkenfox.github.io/TZP/tzp.html
- [ ] Security level (Standard, Safer, Safest)
- Displays in:
- toolbar icon
- toolbar panel
- about:preferences#privacy
- [ ] On switch, each UI element is updated
- [ ] On custom config (toggle `svg.disabled`)
- [ ] each UI element displays warning
- [ ] `Restore defaults` reverts custom prefs
- **TODO**: test pages verifying correct behaviour
- [ ] New identity
- [ ] Betterboxing
- [ ] Reuse last window size
- [ ] Content alignment
- [ ] No letterboxing:
- [ ]empty tabs or privileged pages (eg: about:blank, about:about)
- [ ] full-screen video
- [ ] pdf viewer
- [ ] reader-mode
- [ ] Downloads Warning
- [ ] Downloads toolbar panel
- [ ] about:downloads
- [ ] Library window (<kbd>Ctrl</kbd>+<kbd>Shift</kbd>+<kbd>o</kbd>)
- [ ] Drag and Drop protections:
- [ ] Dragging a link from a tab to another tab in the same window works
- [ ] Dragging a link from a tab to another tab in a separate window works
- [ ] Dragging a link into the library creates a bookmark
- [ ] Dragging a link from Tor Browser to Firefox doesn't work
- [ ] Dragging a link from Firefox to Tor Browser works
- [ ] Dragging a link from Tor Browser to another app (e.g., text editor) doesn't work
- [ ] Repeat with page favicon
## Proxy safety
- [ ] Tor exit test: https://check.torproject.org
- [ ] Circuit isolation
- Following websites should all report different IP addresses
- https://ifconfig.io
- https://myip.wtf
- https://wtfismyip.com
- [ ] DNS leaks: https://dnsleaktest.com
- [ ] Circuit Display
- [ ] Website => circuit
- [ ] Remote PDF => circuit
- [ ] Remote image => circuit
- [ ] .onion Website => circuit with onion-service relays
- [ ] .tor.onion Website => circuit with onion-service relays, link to true onion address
- http://ft.securedrop.tor.onion
- [ ] Website in reader mode => circuit (same as w/o reader mode)
- [ ] Local image => no circuit
- [ ] Local SVG with remote content => catch-all circuit, but not shown
- [ ] Local PDF => no circuit
- [ ] Local HTML `file://` with local resources => no circuit
- [ ] Local HTML `file://` with remote resources => catch-all circuit, but not shown
## Connectivity + Anti-Censorship
- [ ] Tor daemon config by environment variables
- https://gitlab.torproject.org/tpo/applications/team/-/wikis/Environment-variables-and-related-preferences
- [ ] Internet Test ( about:preferences#connection )
- [ ] Fails when offline
- [ ] Succeeds when online
- [ ] Bridges:
- Bootstrap
- Browse: https://check.torproject.org
- Bridge node in circuit-display
- Bridge cards
- Disable
- Remove
- [ ] Default bridges:
- [ ] Removable as a group, not editable
- [ ] obfs4
- [ ] meek
- [ ] snowflake
- [ ] User provided bridges:
- [ ] Removable and editable individually
- [ ] obfs4 from https://bridges.torproject.org
- [ ] webtunnel from https://bridges.torproject.org
- [ ] conjure from [gitlab](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conjure/-/blob/main/client/torrc?ref_type=heads#L6)
- [ ] Request bridges...
- [ ] Removable as a group, but not editable
- [ ] Succeeds when bootstrapped
- [ ] Succeeds when not bootstrapped
- **TODO**: Lox
- [ ] Connect Assist
- Useful pref: `torbrowser.debug.censorship_level`
- [ ] Auto-bootstrap updates Tor connection settings on success
- [ ] Auto-bootstrap restore previous Tor connection settings on failure
## Web Browsing
- [ ] HTTPS-Only: http://http.badssl.com
- [ ] Crypto-currency warning on http website
- **TODO**: we should provide an example page
- [ ] .onion:
- [ ] torproject.org onion: http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion/
- [ ] Onion-Location pill
- [ ] Client authentication
- You can create an ephemeral client-auth onion-service using [onion share](https://onionshare.org)
- [ ] Remember key option saves the key between sessions.
- [ ] Saved keys are viewable in preferences (privacy).
- [ ] Can remove individual keys.
- [ ] Can remove all keys at once.
- [ ] Onion service errors
- [ ] invalid onion: http://invalid.onion
- [ ] onion offline: http://wfdn32ds656ycma5gvrh7duvdvxbg2ygzr3no3ijsya25qm6nnko4iqd.onion/
- [ ] onion baddssl: https://gitlab.torproject.org/tpo/applications/team/-/wikis/Development-Information/BadSSL-But-Onion
- **TODO** all the identity block states
- **TODO** client auth
- [ ] **TODO**: .securedrop.tor.onion
- [ ] **TODO**: onion-service alt-svc
- [ ] HTML5 Video: https://tekeye.uk/html/html5-video-test-page
- [ ] MPEG4
- [ ] WebM
- [ ] Ogg
- [ ] WebSocket Test: https://websocketking.com/
## External Components
- [ ] NoScript
- [ ] Latest Version: https://addons.mozilla.org/en-US/firefox/addon/noscript/
- [ ] Not removable from about:addons
- [ ] Tests: https://test-data.tbb.torproject.org/test-data/noscript/
- **TODO**: fix test pages
```
</details>
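Review bot: In the "No letterboxing" list, the item "- [ ]empty tabs or privileged pages" is missing the space after the checkbox, so it will not render as a task item when the checklist is pasted into a comment. Under "Onion service errors" the "**TODO** client auth" line looks like a leftover, since this checklist already has a full "Client authentication" block a few lines above it; either drop the TODO or say what is still uncovered. The conjure link here has the same "blob/main/...#L6" moving-branch anchor as the Android checklist, and "onion baddssl" has the same typo.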
<!--
Title:
Uplift tor-browser#12345: Title of Issue
This is an issue for tracking uplift of a patch-set to Firefox
-->
## Uplift Patchset
### Book-keeping
#### Gitlab Issue(s)
- tor-browser#12345
- mullvad-browser#123
#### Merge Request(s)
- tor-browser!123
#### Upstream Mozilla Issue(s):
- https://bugzilla.mozilla.org/show_bug.cgi?id=12345
### Notes
<!-- whatever additional info, context, etc that would be helpful for uplifting -->
/label ~"Apps::Type::Uplift"
<!--
* Use this issue template for reporting a new bug.
-->
### Summary
**Summarize the bug encountered concisely.**
### Steps to reproduce:
**How one can reproduce the issue - this is very important.**
1. Step 1
2. Step 2
3. ...
### What is the current bug behavior?
**What actually happens.**
### What is the expected behavior?
**What you want to see instead**
### Environment
**Which operating system are you using? For example: Debian GNU/Linux 10.1, Windows 10, Ubuntu Xenial, FreeBSD 12.2, etc.**
**Which installation method did you use? Distribution package (apt, pkg, homebrew), from source tarball, from Git, etc.**
### Relevant logs and/or screenshots
/label ~"Apps::Type::Bug"
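Review bot: The Environment section asks for the operating system and for an installation method ("Distribution package (apt, pkg, homebrew), from source tarball, from Git"), but never asks which browser version or release channel the reporter is running, or whether it is the Android or desktop build. Suggest adding a prompt for the browser version and channel (Alpha, Stable, Legacy, as used in the other templates in this commit) and the platform, and trimming the installation-method examples to the ones that apply to a browser bundle.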
## Merge Info
<!-- Bookkeeping information for release management -->
### Rebase Issue
- tor-browser#xxxxx
- mullvad-browser#xxxxx
### Release Prep Issue
- tor-browser-build#xxxxx
### Issue Tracking
- [ ] Link rebase issue with appropriate [Release Prep issue](https://gitlab.torproject.org/groups/tpo/applications/-/issues/?sort=updated_desc&state=opened&label_name%5B%5D=Apps%3A%3AType%3A%3AReleasePreparation&first_page_size=20) for changelog generation
### Review
#### Request Reviewer
- [ ] Request review from a release engineer: boklm, dan, ma1, morgan, pierov
#### Change Description
<!-- Any interesting notes about the rebase and an overview of what the reviewer should expect from the diff of diffs and range-diff -->
## Merge Info
<!-- Bookkeeping information for release management -->
### Issues
#### Resolves
- tor-browser#xxxxx
- mullvad-browser#xxxxx
- tor-browser-build#xxxxx
#### Related
- tor-browser#xxxxx
- mullvad-browser#xxxxx
- tor-browser-build#xxxxx
### Merging
<!-- This block tells the merger where commits need to be merged and future code archaeologists where commits were *supposed* to be merged -->
#### Target Branches
- [ ] **`tor-browser`** - `!fixups` to `tor-browser`-specific commits, new features, security backports
- [ ] **`base-browser`** *and* **`mullvad-browser`** - `!fixups` to `base-browser`-specific commits, new features to be shared with `mullvad-browser`, and security backports
- ⚠️ **IMPORTANT**: Please list the `base-browser`-specific commits which need to be cherry-picked to the `base-browser` and `mullvad-browser` branches here
#### Target Channels
- [ ] **Alpha**: esr128-14.5
- [ ] **Stable**: esr128-14.0
- [ ] **Legacy**: esr115-13.5
### Backporting
#### Timeline
- [ ] **No Backport (preferred)**: patchset for the next major stable
- [ ] **Immediate**: patchset needed as soon as possible (fixes CVEs, 0-days, etc)
- [ ] **Next Minor Stable Release**: patchset that needs to be verified in nightly before backport
- [ ] **Eventually**: patchset that needs to be verified in alpha before backport
#### (Optional) Justification
- [ ] **Security update**: patchset contains a security fix (be sure to select the correct item in _Timeline_)
- [ ] **Censorship event**: patchset enables censorship circumvention
- [ ] **Critical bug-fix**: patchset fixes a bug in core-functionality
- [ ] **Consistency**: patchset which would make development easier if it were in both the alpha and release branches; developer tools, build system changes, etc
- [ ] **Sponsor required**: patchset required for sponsor
- [ ] **Localization**: typos and other localization changes that should be also in the release branch
- [ ] **Other**: please explain
### Upstream
- [ ] Patchset is a candidate for uplift to Firefox
- [ ] Patchset is a backport from Firefox
- Bugzilla link:
- Upstream commit:
### Issue Tracking
- [ ] Link resolved issues with appropriate [Release Prep issue](https://gitlab.torproject.org/groups/tpo/applications/-/issues/?sort=updated_desc&state=opened&label_name%5B%5D=Apps%3A%3AType%3A%3AReleasePreparation&first_page_size=100) for changelog generation
### Review
#### Request Reviewer
- [ ] Request review from an applications developer depending on modified system:
- **NOTE**: if the MR modifies multiple areas, please `/cc` all the relevant reviewers (since Gitlab only allows 1 reviewer)
- **accessibility** : henry
- **android** : clairehurst, dan
- **build system** : boklm
- **extensions** : ma1
- **firefox internals (XUL/JS/XPCOM)** : jwilde, ma1
- **fonts** : pierov
- **frontend (implementation)** : henry
- **frontend (review)** : donuts, morgan
- **localization** : henry, pierov
- **macOS** : clairehurst, dan
- **nightly builds** : boklm
- **rebases/release-prep** : dan, ma1, pierov, morgan
- **security** : jwilde, ma1
- **signing** : boklm, morgan
- **updater** : pierov
- **windows** : jwilde, morgan
- **misc/other** : pierov, morgan
#### Change Description
<!-- Whatever context the reviewer needs to effectively review the patchset; if the patch includes UX updates be sure to include screenshots/video of how any new behaviour -->
#### How Tested
<!-- Description of steps taken to verify the change -->
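Review bot: Under Backporting, the "Immediate" timeline item ("fixes CVEs, 0-days, etc") and the "Security update" justification ask the author to mark a patchset as a security fix, but this template says nothing about confidentiality, unlike the security issue template in this commit, which ends with /confidential. If merge requests opened from this template are publicly visible, ticking those boxes announces an unreleased security fix; suggest an HTML comment next to those items stating how embargoed fixes should be submitted and pointing to the security issue template. Also, Target Channels hardcodes "esr128-14.5", "esr128-14.0" and "esr115-13.5", which will need editing at every release series change.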