eloquence
commented
3 years ago We are aiming to retire the old endpoint approximately one week after the release of Tails 4.20, assuming it does indeed ship with Tor Browser 10.5.
Closed eloquence closed 3 years ago
eloquence
commented
3 years ago We are aiming to retire the old endpoint approximately one week after the release of Tails 4.20, assuming it does indeed ship with Tor Browser 10.5.
eloquence
commented
3 years ago Just to confirm, Tails 4.20 does indeed ship with Tor Browser 10.5.2, and the new ruleset endpoint.
eloquence
commented
3 years ago This is mostly done, as far as I can tell the last remaining step is to schedule a time for a careful merge of https://github.com/freedomofpress/securedrop-https-everywhere-ruleset/pull/66, which will switch main to the branch signed with the new key, and should trigger a deploy (we need to be able to quickly revert in case of any issues).
eloquence
commented
3 years ago This was resolved via #66
Tor Browser 10.5 was released today (https://blog.torproject.org/new-release-tor-browser-105). It ships the new 2021 endpoint https://securedrop.org/https-everywhere-2021/ as the default prefix for the HTTPSEverywhere ruleset.
After a suitable grace period, we should:
key-rotation-2021branch to be the newmainbranchmainfor https://securedrop.org/https-everywhere-2021/The Tails 4.20 release (2021-07-13) seems like the earliest opportunity for making these changes, provided that it ships with Tor Browser 10.5. Note that this will likely still introduce a limited amount of breakage for users who have not updated their Tails release yet, but auto-updates should cover most users.