Bug 41676: Set privacy.resistFingerprinting.testing.setTZtoUTC as a defense-in-depth.
Merge Info
Related Issues
- #41676 (closed)
- mullvad-browser#xxxxx
- tor-browser-build#xxxxx
Backporting
Timeline
-
Immediate: patchset needed as soon as possible -
Next Minor Stable Release: patchset that needs to be verified in nightly before backport -
Eventually: patchset that needs to be verified in alpha before backport -
No Backport (preferred): patchset for the next major stable
(Optional) Justification
-
Emergency security update: patchset fixes CVEs, 0-days, etc -
Censorship event: patchset enables censorship circumvention -
Critical bug-fix: patchset fixes a bug in core-functionality -
Consistency: patchset which would make development easier if it were in both the alpha and release branches; developer tools, build system changes, etc -
Sponsor required: patchset required for sponsor -
Localization: typos and other localization changes that should be also in the release branch -
Other: trivial enough
Merging
-
Merge to tor-browser
-!fixups
totor-browser
-specific commits, new features, security backports -
Merge to base-browser
-!fixups
tobase-browser
-specific commits, new features to be shared withmullvad-browser
, and security backports-
NOTE: if your changeset includes patches to both
base-browser
andtor-browser
please clearly label in the change description which commits should be cherry-picked tobase-browser
after merging
-
NOTE: if your changeset includes patches to both
Issue Tracking
-
Link resolved issues with appropriate Release Prep issue for changelog generation
Review
Request Reviewer
-
Request review from an applications developer depending on modified system: - ma1 since he worked quite a bit on TZs.
Change Description
We can set this pref to true as a defense-in-depth.
Everything that can be influenced by the TZ
environment variable will be then forced to Atlantic/Reykjavik.
How Tested
See the issue.