We've reordered/squashed bits of our patch set during #31918 (closed). We should do this again once we have the rebasing to esr78 done and are happy with the results.
@acat noted in #33533 (closed): One example that comes to my mind for this is the security level patch, which introduces a localization mecanism which is later replaced by TorStrings.jsm in the #31286 (closed) patch.
Additionally, there are firefox-branding.js changes that moved to the updater related patch. We might want to think about something that's less surprising.
Another thing that we might want to move: in the patch for #27802
(enabling the limited UITour) we not only deal with uitour related
permissions but touch the install ones, too, which are unrelated. Might
be worth doing that elsewhere, in particular given that the old
onboarding might soon go away anyway (but presumably not those
permission changes).
Another piece worth considering is solving the underlying problem that led to #40035 (closed). We might want to have all the TorString related pieces already in the first relevant commit, so that we don't have change the same things in more than one commit which seems quite error-prone...
Apart from the TorStrings.jsm and firefox-branding.js related changes, I tried to do some other changes aiming to remove dependencies between commits that should not be there (textual but not semantic dependencies). My idea was to make patches as independent as possible from each other, so that these can be cherry picked in any order and also individually (for example, to keep track of which Firefox tests fail for a specific patch). I did not do this in an exhaustive way, for example: the Onion-Location, onion alias, client auth patches and others are still dependent among other things because they share the same browser/components/onionservices path. If we think this is a good thing to pursuit, I could do another iteration trying to make the patches even more independent.
40024+8: Remove textual dependency between "Integrate Tor Launcher" and "Don't block our unsigned extensions"
Separate changes in XPIDatabase.jsm as much as possible to avoid conflicts and make the two commits independent.
If I see that right then the only possible side-effect of that change is a one-time warning about Tor Launcher not being properly signed after the update to a version containing your proposed re-ordering. If that's the case then how is the code you moved reachable anyway given that the failed signature check already results in a return false;? (I am assuming addon.isCorrectlySigned is actually false in that case but have not checked. But I know we always worked around that check in the past/present when dealing with signature exemptions)
(Thanks for the different branches and comments about what changed and why, splitting the changes up that way with explanations was super helpful.)