17:59:07 <richard> #startmeeting Tor Browser Release Meeting 2024-12-11 17:59:07 <MeetBot> Meeting started Mon Dec 11 17:59:07 2023 UTC. The chair is richard. Information about MeetBot at http://wiki.debian.org/MeetBot. 17:59:07 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic. 17:59:15 <richard> pad: https://pad.riseup.net/p/tor-browser-release-meeting-keep 17:59:43 <donuts> / 18:00:19 <richard> ok PieroV looks like you have some discussion points :D 18:00:26 <PieroV> Yes 18:00:48 <PieroV> So, ruihildt[m] told us users complained about MB arriving one week later than TBB 18:01:03 <PieroV> And the reason might be the QA 18:01:15 <PieroV> So, I thought on how to provide QA builds sooner 18:01:41 <PieroV> And I think we can build MB from build1 tags 18:01:50 <PieroV> I.e., not wait for Android backports 18:02:08 <PieroV> Since usually they're Android-only, even though in the past we backported to ESR before Moz 18:02:16 * ruihildt[m] nodes his head (QA and even more QA around weekends) 18:02:43 <ma1> It does make sense. Even if we needed to backport something (like a PB / RFP bug which wasn't deemed critical enough for esr) it's unlikely to affect QA 18:02:45 <PieroV> (i.e., we backported a patch and Moz backported it just for the ESR that came after the one in which we backported) 18:02:58 <PieroV> Also what ma1 says 18:03:22 <PieroV> And since we don't need to wait for Android backports, we could slightly change our process for release builds 18:03:46 <richard> this seems reasonable 18:03:51 <PieroV> We more or less know a lot earlier which backports of our changes we want in a release 18:03:58 <PieroV> We don't have to wait for the rebase 18:04:08 <PieroV> But we can rebase after having already cherry-picked 18:04:20 <PieroV> Therefore, also changelogs are predictable enough 18:04:38 <PieroV> So, we could prepare the release before rebasing 18:04:44 <richard> I *do* like the idea of rebasing+tagging being the last step before building 18:04:58 <PieroV> E.g., we're expecting tags (they could come in a few hours, or tomorrow) 18:05:07 <PieroV> We could've prepared the release already 18:05:33 <richard> however long term we're going to run into this same problem again when mullvad-browser for android is a thing 18:05:36 <PieroV> Not too early, but ideally on Monday of the week before the release 18:05:47 <PieroV> Well, it depends if we switch to RR 18:06:03 <PieroV> Switching back to RR for Android eventually could be a wise choice 18:06:30 <PieroV> Or we could build twice 18:06:50 <PieroV> Hoping we're blessed and we don't have to backport 18:06:56 <PieroV> Then, if we have, we tag and build build2 18:07:21 <PieroV> In the meantime, we could wire Mullvad's CI 18:07:33 <PieroV> So that they don't have to wait for us for unsigned builds for testing 18:08:32 <ruihildt[m]> How do we know we're testing the right build? Is there a risk we test builds that aren't reproducible? 18:09:21 <richard> so there is risk that the build won't be reproducible 18:09:23 <PieroV> Repro problems usually are rare on the release channels 18:09:33 <PieroV> * channel 18:10:08 <PieroV> But we could also have a CI for release builds, FWIW 18:10:12 <richard> but historically i don't think i've ever seen a reproducibility bug which affected application behaviour 18:10:32 <PieroV> And hashes locations are quite predictable 18:10:37 <ruihildt[m]> PieroV: I like that idea. 18:10:48 <PieroV> I regularly test on my own if the build on tb-build-02/03 matches mine 18:10:54 <PieroV> I even wrote a quick script to do it 18:11:33 <PieroV> We could polish so that you can run it to verify if the builds produced in your ci match 18:11:50 <ruihildt[m]> If we could automate building browser on both infra, when it needs to be done, it seem sideal 18:13:50 <richard> we spoke w/ jag about this briefly in gothenburg; iirc if your infra built on new tor-browser-build tags then that will give you exactly what you need to test 18:14:08 <richard> in general, speaking of releasing and coordination 18:14:35 <richard> how can we improve the release pipeline on your end 18:15:01 <richard> i imagine it kind of sucks for your QA team to receive 'you've a build to test' emails unpredictably 18:16:15 <ruihildt[m]> To have a release date ahead of time would be nice. so we can make sure, our QA is available. 18:17:49 <ruihildt[m]> Lately we've had multiple small delays due to the template email not being followed, or because the process was somehow not documented? Or because tags were missing on our Github. 18:18:14 <ruihildt[m]> I'm not sure what there is to improve there. 18:18:29 <ma1> Given the process above, Thursday after the tags is the worst-case date for a test build, right? 18:18:40 <ma1> RC I mean 18:18:50 <ruihildt[m]> Or also, because we needed signed builds, but the right people were not available. 18:18:56 <ruihildt[m]> to sign 18:19:23 <ma1> Ah right, because the MB rc needs to be signed (for MacOS testing) 18:19:54 <ruihildt[m]> If builds arrive without warning on Thursday, someone might or might not be able to test. If it collides with a Mullvad VPN App QA session, it might be an issue. 18:19:54 <richard> and release signing (currently) can only be done by myself and boklm 18:20:30 <richard> so stable releases are fairly reliably in-line with the firefox release calendar ( https://whattrainisitnow.com/calendar/ ) 18:20:48 <ruihildt[m]> This is why I'm talking about giving us a date. 18:21:10 <ruihildt[m]> I know there's the caendar, but I haven't been able to estimate the MB release from it. 18:21:43 <PieroV> Yep, we're not very predictable in terms of starting a build 18:21:50 <ma1> So, how would "the Thursday before Firefox release (which is always on Tuesday)" work? 18:22:21 <PieroV> But so far we've been quite reliable on having the rebase ready on the Tuesday before the release week 18:22:36 <PieroV> So, doing the rebase as a last step should help for predictability also on builds 18:22:43 <ruihildt[m]> I'll needto ask the QA team about it. 18:23:40 <richard> agreed 18:23:44 <richard> re doing rebase last 18:25:27 <ruihildt[m]> Regarding the automation part of the build, what do you need from me? 18:25:27 <ruihildt[m]> I think JB mentioned we couldn't leverage our existing Drone CI instance, we might need to create another one. 18:26:02 <PieroV> Do you want us to setup a webhook to signal you? 18:26:21 <PieroV> I think it's the most we can do for active notifications, otherwise you'll have to poll in some way 18:26:50 <ruihildt[m]> I'm not the right person to talk about this I'm afraid. I'll talk again to JB about it tomorrow. 18:27:51 <PieroV> Yes, sorry, I thought you meant also needs from you as you relaying the request :) 18:27:55 <richard> we can easily add another email to the 'Email on push" webhook 18:27:55 <ruihildt[m]> And regarding the signing, since we know optimistically that a build is going to be released at a set date, can we make sure someone is available to do it? 18:28:47 <PieroV> Yes, also emails, and actually a few other integrations, even though I think webhook are the easiest to parse ^_^ 18:29:13 <ruihildt[m]> I think I can use a webhook for slack. 18:29:16 <ruihildt[m]> also 18:29:38 <ruihildt[m]> if we can do without the email through my inbox stuff, that woud be good as well 18:30:08 <richard> oh yeah there's Slack notifacation integrations builtin to gitlab apparently 18:30:34 <PieroV> ruihildt[m]: would automation be completely automatic, or would JB or someone else still need to launch the build? 18:31:09 <ruihildt[m]> I don't know. :) I would prefer to launch it automatically obviously. 18:33:51 <richard> ok, i've added a set of TODOs on our end in the pad 18:34:57 <ruihildt[m]> I don't remember how we landed there, but would it make sense to revisit pushing the tags+branch automatically? 18:35:04 <richard> ruihidlt[m]: the main things we need from y'all is basically stuffs dependant on JB; how to notify you of new build tags to build and all the automation required to get that going 18:35:04 <ruihildt[m]> to Github 18:36:18 <ruihildt[m]> And QA for the Thursday release. ma1 Do you have a more precise time of release (morning or afternoon UTC)? 18:37:01 <richard> so the inefficiency there is bad release documentation; pushing branch+tags to github should happen as part of the rebase 18:37:06 <richard> rather than the *last* step in the whole process 18:37:20 <PieroV> I think it's also a problem of missing permissions 18:37:27 <richard> that too 18:37:34 <PieroV> I think I can't push to GitHub, whereas I can push everywhere on tpo/applications 18:37:53 <PieroV> And often I'm rebasing, so I'm also pushing/merging 18:37:56 <richard> we should probably add anyone who can push to tor-browser gitlab projects to the mullvad-browser github repo as well 18:37:57 <PieroV> Esp. if ma1 reviews 18:38:10 <ruihildt[m]> Is there a way to automate this? 18:38:33 <richard> not really, the tags are pgp signed by the devs doing the rebase 18:39:00 <ruihildt[m]> I meant once the tags are added to the gitlab, automatically push them to github 18:39:00 <PieroV> I think GitHub can set to mirror 18:39:04 <ma1> ruihildt[m], re time: since the last step is signing, it mainly depends on the timezone of the available person(s) 18:39:08 <PieroV> And maybe also GitLab can push 18:39:42 <richard> hmmm true 18:40:12 <ruihildt[m]> ma1: Because if signing happens during the afternoon, it the same thing as saying the release is happening on Friday from our POV. 18:40:45 <ruihildt[m]> People tend to go home from 3/4PM CET 18:41:55 <ruihildt[m]> To have any QA done on Thursday, a build should be ready by 1PM CET 18:42:22 <ma1> Soo, let's say we have fixed date to start relprep on Monday (Firefox tags or not), a fixed date to finish the rebase and start building on Tuesday night, and a fixed date to sign on Wednesday ~18 UTC (after the All Hands): is this too tight? 18:42:43 <PieroV> ruihildt[m]: would it be possible to test macOS a little bit later in case? 18:43:08 <PieroV> Does the build need to be signed by us? (e.g., a check on the signing details themselves) 18:43:22 <PieroV> Or would self-signed builds also be okay? 18:44:15 <ruihildt[m]> So once QA is done, then JB needs to manually upload the files on our cdn, and the signing check happens at the same time. 18:45:02 <ruihildt[m]> I'll come back to you as well on the self-signed builds. 18:45:26 <ruihildt[m]> Because note everybody has access to all test machines, QA is spread between multiple people. 18:45:47 <richard> self-signed for macOS would let QA get a head-start 18:46:16 <ruihildt[m]> self signed for Macos still needs to execute a script and whatnot, right? 18:46:38 <PieroV> Yes, but if it can help we can try to improve it 18:47:01 <ruihildt[m]> Ok, yes definitely. 18:47:15 * ma1 wonders whether Mullvad has their own Apple Developer cert and can sign their MacOS RC on their side 18:47:19 <ruihildt[m]> Having to go in some specific subfolder and so on is still a pain. 18:47:25 <PieroV> ma1: I was about to say that 18:47:36 <ruihildt[m]> Good question ma1, you get 5 internet points. 18:47:58 <ruihildt[m]> I'll ask. 18:48:13 <ma1> I assume the answer would be likely yes: https://mullvad.net/en/download/vpn/macos 18:48:13 <PieroV> (timecheck: 10 minutes and we have another quick point) 18:48:45 <ruihildt[m]> But it's another server altogether, so I'm not sure what would need to be done in practice. 18:49:00 <richard> and signing certs+notarisation tokens are pretty easy to acquire from the dev portal 18:49:01 <ruihildt[m]> another build server and environment 18:49:28 <ruihildt[m]> I will definitely ask 18:50:09 <richard> ok next point 18:50:30 <PieroV> What's the plan for 13.5a3? 18:50:35 <PieroV> Things to consider: 18:50:43 <PieroV> 1. the opt-in for the new backend 18:50:56 <PieroV> 2. we have a break, and if 1 goes badly we might not be very present to fix it 18:51:19 <PieroV> Also, 13.5a3 brings the fix to the wayland crash on alpha 18:52:36 <richard> so i don't think i'm too worried about breaking alpha users 18:52:55 <richard> re the new backend on android 18:54:04 <PieroV> Should we wait to get the opt-in merged? 18:54:18 <PieroV> I don't think it'll take a long time 18:55:27 <richard> i'm not sure 18:55:44 <PieroV> It'll help me play with it during the break :) 18:55:47 <richard> i think we should get it in asap for our own development purposes 18:55:49 <PieroV> I like dogfooding 18:55:59 <richard> perhaps we can gate the toggle on a pref 18:56:00 <PieroV> But I hate doing it on nightly on Android 18:56:05 <richard> yeah exactly^ 18:56:09 <ruihildt[m]> (woof woof) 18:56:10 <PieroV> The backend is gated 18:56:16 <PieroV> Already with a pref 18:56:34 <richard> i meant gate the UX allowing the toggle on a pref 18:56:53 <richard> but honestly i'm ok with users playing around with it 18:56:57 <PieroV> That is less easy 18:56:59 <richard> it is the alpha channela fter all 18:57:09 <PieroV> Okay, so business as usual? 18:57:13 <richard> yeah I think so 18:57:16 <PieroV> I.e., best effort to get it before the break? 18:57:41 <richard> yeah if it comes late i'll sign over the weekend 18:57:58 <PieroV> ack 18:58:00 <richard> but let's get mullvad-browser alpha out the door asap next week so QA isn't sad over the holidays 18:58:13 <PieroV> also, if we break Android users are still able to get updates 18:58:17 <PieroV> It isn't as tragic as desktop 18:58:23 <PieroV> That once broken we can't even serve updates 18:58:23 <richard> truuue 18:58:38 <ma1> praise be Google...??? 18:59:16 <richard> lol 18:59:17 <richard> ok 18:59:20 <richard> we're a minute over 18:59:26 <richard> sorry whoever comes after if anyone 18:59:30 <richard> later y'all o/ 18:59:33 <richard> #endmeeting