EFForg / https-everywhere

A browser extension that encrypts your communications with many websites that offer HTTPS but still allow unencrypted connections.
https://eff.org/https-everywhere

Release 2017.8.31 forthcoming #12270

Closed Hainish closed 7 years ago

Hainish commented 7 years ago

cc @jsha @pde @J0WI @diracdeltas @jeremyn @gloomy-ghost

This release fixes a race condition that affects the setting of global variables. See https://github.com/EFForg/https-everywhere/pull/12268

Tor Browser is not affected. Anyone using storage.sync will be affected by this change. Anyone who has previously changed a global variable (counter, addon on/off state, http nowhere toggle) will now see this change persisting across restarts.

gloomy-ghost commented 7 years ago

Just a reminder, please don't forget to run the hsts-prune before release

ghost commented 7 years ago

Also run whitelist cleanup and #11870 if possible.

Hainish commented 7 years ago

I have running duplicate-whitelist-cleanup.sh and ruleset-coverage-whitelist-cleanup.sh in my normal release checklist. I don't have hsts-prune in this checklist, as this takes a significant amount of time and slows down the release process. It's also fine to run this perennially, not tightly bound to the release cycle. That being said, I can run it now.

Hainish commented 7 years ago

Preloaded domains removed in 13c20349b2c7a2a970e385c26738a84a71afafb1

cschanaj commented 7 years ago

I'd like to note that hsts-prune is still pointing to the discontinued Firefox Aurora release, see #12139

ghost commented 7 years ago

@Hainish Merge #12145, revert 13c2034 and re-run hsts-prune.

Hainish commented 7 years ago

8bda7ce0a40d208a7e752e4df56e32b403160071 incorporates a reversion and re-run of the hsts-prune utility.

Earlier this month, https://hstspreload.org/ removed the language:

Chrome has not yet removed any domains from the preload list for failing to keep up the requirements after submission, but there are plans to do so in the future.

This indicates that they are starting to remove domains from the list according to the preload requirements.

Luckily, in 8bda7ce there were only removals and nothing was re-added. This tends to confirm the intended functionality of the hsts-prune script not to remove domains that do not strictly comply with the preload requirements.

Hainish commented 7 years ago

Finished

ghost commented 7 years ago

I see the counter I made now, good job @Hainish.