MozillaWiki

Release Management/ESR Landing Process: Difference between revisions

< Release Management
m (No more aurora flags)
 
(28 intermediate revisions by 6 users not shown)
Line 1: Line 1:
'''Goal:''' We'd like to have a lightweight process that prevents "surprise" ESR landings at the 11th hour and makes sure ESR patches are created very soon after their related mainline patches
{{DISPLAYTITLE:ESR Landing Process}}
 
'''Goal:'''  
 
We'd like to have a lightweight process that prevents "surprise" ESR landings at the 11th hour and makes sure ESR patches are created very soon after their related mainline patches.


=== REPOS ===
=== REPOS ===
Line 7: Line 11:
===More info about the ESR===  
===More info about the ESR===  
* https://wiki.mozilla.org/Enterprise/Firefox/ExtendedSupport:Proposal
* https://wiki.mozilla.org/Enterprise/Firefox/ExtendedSupport:Proposal
* https://www.mozilla.org/en-US/firefox/organizations/faq/
* https://www.mozilla.org/en-US/firefox/organizations/
* https://www.mozilla.org/en-US/firefox/organizations/
* [https://www.mozilla.org/en-US/firefox/organizations/all/ Download]
* [https://www.mozilla.org/en-US/firefox/organizations/all/ Download]
Line 12: Line 17:
===What should land on mozilla-esr{{ESR_CURRENT}}/mozilla-esr{{ESR_NEXT}}===
===What should land on mozilla-esr{{ESR_CURRENT}}/mozilla-esr{{ESR_NEXT}}===


Security and some major stability fixes when they're landed/merged onto mozilla-beta, or fixes for regressions specific to the ESR. Exception: If patches only make changes to tests, test harnesses or anything else that does not affect the shipped builds, they may land with self approval (use a=testonly, a=npotb etc).
Security and some major stability fixes when they're landed/merged onto mozilla-beta, or fixes for regressions specific to the ESR. In the first few cycles of ESR we may be more flexible on these criteria. As the versions progress we should limit this to the most critical security fixes.
 
Exception: If patches only make changes to tests, test harnesses or anything else that does not affect the shipped builds, they may land with self approval (use a=testonly, a=npotb etc).


=== The associated flags===
=== The associated flags===
Line 20: Line 27:
approval-mozilla-esr{{ESR_NEXT}}: ''?'', ''+'', ''-''
approval-mozilla-esr{{ESR_NEXT}}: ''?'', ''+'', ''-''


tracking-esr{{ESR_CURRENT}}: ''?'', ''-'', ''{{BETA_VERSION}}+'', ''{{AURORA_VERSION}}+'', ''{{NIGHTLY_VERSION}}+'', ...
tracking-esr{{ESR_CURRENT}}: ''?'', ''-'', ''{{BETA_VERSION}}+'', ''{{NIGHTLY_VERSION}}+'', ...


tracking-esr{{ESR_NEXT}}: ''?'', ''-'', ''{{BETA_VERSION}}+'', ''{{AURORA_VERSION}}+'', ''{{NIGHTLY_VERSION}}+'', ...
tracking-esr{{ESR_NEXT}}: ''?'', ''-'', ''{{BETA_VERSION}}+'', ''{{NIGHTLY_VERSION}}+'', ...


status-esr{{ESR_CURRENT}}: ''?'', ''unaffected'', ''wontfix'', ''affected'', ''checkin-pending'', ''fixed'', ''verified''
status-esr{{ESR_CURRENT}}: ''?'', ''unaffected'', ''wontfix'', ''affected'', ''checkin-pending'', ''fixed'', ''verified''
Line 31: Line 38:


1) When an engineer believes that a stability bug needs to be addressed for the ESR, or a security fix that's landed on a branch affects the ESR:
1) When an engineer believes that a stability bug needs to be addressed for the ESR, or a security fix that's landed on a branch affects the ESR:
* Set '''tracking-esr{{ESR_CURRENT}}''' (and if we're in the middle of supporting 2 versions, then also tracking-esr{{ESR_NEXT}} to '''?'''
* Set '''tracking-firefox-esr{{ESR_CURRENT}}''' (and if we're in the middle of supporting 2 versions, then also tracking-firefox-esr{{ESR_NEXT}}) to '''?'''
* Set '''tracking-esr{{ESR_CURRENT}}''' (and if we're in the middle of supporting 2 versions, then also tracking-esr{{ESR_NEXT}} to '''affected''' if an ESR patch is still being worked on
* Set '''status-firefox-esr{{ESR_CURRENT}}''' (and if we're in the middle of supporting 2 versions, then also status-firefox-esr{{ESR_NEXT}}) to '''affected''' if an ESR patch is still being worked on
* Set '''approval-mozilla-esr{{ESR_CURRENT}}''' (and if we're in the middle of support 2 versions, then also approval-mozilla-esr{{ESR_NEXT}} to '''?''' and '''status-esr{{ESR_CURRENT}}/{{ESR_NEXT}}''' checkin-pending if a patch is ''ready to land on mozilla-esr{{ESR_CURRENT}}/{{ESR_NEXT}}''
* Set '''approval-mozilla-esr{{ESR_CURRENT}}''' (and if we're in the middle of support 2 versions, then also approval-mozilla-esr{{ESR_NEXT}}) to '''?''' and '''status-firefox-esr{{ESR_CURRENT}}/{{ESR_NEXT}}''' to '''checkin-pending''' if a patch is ''ready to land on mozilla-esr{{ESR_CURRENT}}/{{ESR_NEXT}}''
2) Members of both Security and Release Management teams will triage tracking-esr{{ESR_CURRENT}}/{{ESR_NEXT}}=?, and if agreement is that it's needed for the ESR, the tracking flag will be set to the first version of mainline Firefox that the patch is present in and the '''approval-mozilla-esr{{ESR_CURRENT}}/{{ESR_NEXT}}''' flag will be set to '''+'''.
2) Members of both Security and Release Management teams will triage tracking-firefox-esr{{ESR_CURRENT}}/{{ESR_NEXT}}=?, and if agreement is that it's needed for the ESR, the tracking flag will be set to the first version of mainline Firefox that the patch is present in and the '''approval-mozilla-esr{{ESR_CURRENT}}/{{ESR_NEXT}}''' flag will be set to '''+'''.
* In the case of an ESR-specific regression, we'll track for the next ESR release (e.g.: {{ESR_FUTURE}}).
* In the case of an ESR-specific regression, we'll track for the next ESR release.
* Why are we using mainline versions to track the ESR? According to the ESR proposal, a chemspill uses a minor version number, thus throwing off our tracking flags. Additionally, engineers shouldn't have to know what version of the ESR we're on.
* Why are we using mainline versions to track the ESR? According to the ESR proposal, a chemspill uses a minor version number, thus throwing off our tracking flags. Additionally, engineers shouldn't have to know what version of the ESR we're on.
3) Once the mozilla-beta version matches the tracking-esr{{ESR_CURRENT}}/{{ESR_NEXT}} version(s), Security and Release Management teams will triage those bugs and make sure affected/checkin-pending fixes are landed at least 1 week prior to release so that we can go-to-build.
3) Once the mozilla-beta version matches the tracking-firefox-esr{{ESR_CURRENT}}/{{ESR_NEXT}} version(s), Security and Release Management teams will triage those bugs and make sure affected/checkin-pending fixes are landed at least 1 week prior to release so that we can go-to-build.
* Approval is required, so add "a={whoever set the approval-mozilla-esr10 flag to +}" to the commit message.
* Approval is required, so add "a={whoever set the approval-mozilla-esr{{ESR_CURRENT}} flag to +}" to the commit message.
* After landing the patch, set status-esr{{ESR_CURRENT}}/{{ESR_NEXT}} to "fixed".
* After landing the patch, set status-firefox-esr{{ESR_CURRENT}}/{{ESR_NEXT}} to "fixed".
* Our beta period for the ESR will be to push this build to FTP a week early for qualification by enterprises.
* Our beta period for the ESR will be to push this build to FTP a week early for qualification by enterprises.


= ESR Triage Queries =
= ESR Triage Queries =
==CURRENT TEMPLATE VALUES==
==CURRENT TEMPLATE VALUES==
[[Template:ESR_PREVIOUS|ESR_PREVIOUS (click to edit)]]: {{ESR_PREVIOUS}}


[[Template:ESR_CURRENT|ESR_CURRENT (click to edit)]]:  {{ESR_CURRENT}}
[[Template:ESR_CURRENT|ESR_CURRENT (click to edit)]]:  {{ESR_CURRENT}}


[[Template:ESR_CURRENT_DOT|ESR_CURRENT_DOT (click to edit)]]: {{ESR_CURRENT_DOT}}
[[Template:ESR_BRANCH_DATE|ESR_BRANCH_DATE (click to edit)]]: {{ESR_BRANCH_DATE}} // Firefox {{ESR_CURRENT}} beta branch date


[[Template:ESR_NEXT|ESR_NEXT (click to edit)]]: {{ESR_NEXT}}
[[Template:ESR_NEXT|ESR_NEXT (click to edit)]]: {{ESR_NEXT}}


[[Template:ESR_NEXT_DOT|ESR_NEXT_DOT (click to edit)]]: {{ESR_NEXT_DOT}}
[[Template:ESR_NEXT_BRANCH_DATE|ESR_NEXT_BRANCH_DATE (click to edit)]]: {{ESR_NEXT_BRANCH_DATE}} // Firefox {{ESR_NEXT}} beta branch date
 
[[Template:ESR_FUTURE|ESR_FUTURE]]: {{ESR_FUTURE}}


== ESR{{ESR_CURRENT}} ==
== ESR{{ESR_CURRENT}} ==
Line 62: Line 64:
* [https://bugzilla.mozilla.org/buglist.cgi?o0=substring&f0=flagtypes.name&v0=approval-mozilla-esr{{ESR_CURRENT}}%3F ESR-{{ESR_CURRENT}} approval requests] - approve/deny, make sure {{BETA_VERSION}}+ is set
* [https://bugzilla.mozilla.org/buglist.cgi?o0=substring&f0=flagtypes.name&v0=approval-mozilla-esr{{ESR_CURRENT}}%3F ESR-{{ESR_CURRENT}} approval requests] - approve/deny, make sure {{BETA_VERSION}}+ is set


* [https://bugzilla.mozilla.org/buglist.cgi?f1=bug_group&o3=nowordssubstr&v3=unaffected%20verified%20fixed%20disabled&o1=substring&o2=nowordssubstr&chfieldto=Now&chfield=resolution&chfieldfrom=2014-04-28&f3=cf_status_firefox{{ESR_CURRENT}}&f2=cf_status_firefox_esr{{ESR_CURRENT}}&chfieldvalue=FIXED&v1=core-security&v2=unaffected%20wontfix%20verified%20fixed%20affected%20disabled&list_id=8200291 Security bugs fixed on mainline, status not marked for ESR{{ESR_CURRENT}}] - mark the ESR as affected/unaffected
* [https://bugzilla.mozilla.org/buglist.cgi?keywords=sec-other%20sec-want&keywords_type=nowords&f4=cf_last_resolved&o4=greaterthan&v4={{ESR_BRANCH_DATE}}&f0=product&o0=nowordssubstr&v0=Boot2Gecko%20Testing%20MailNews%20Thunderbird%20Calendar%20SeaMonkey%20OS%20Plugins%20Android%20iOS&f1=bug_group&o1=substring&v1=core-security&f3=cf_status_firefox{{ESR_CURRENT}}&o3=nowordssubstr&v3=unaffected%20verified%20fixed%20disabled&resolution=FIXED&o2=nowordssubstr&f2=cf_status_firefox_esr{{ESR_CURRENT}}&v2=unaffected%20wontfix%20verified%20fixed%20affected%20disabled&list_id=12669801 Security bugs fixed since Firefox {{ESR_CURRENT}}, status not marked for ESR{{ESR_CURRENT}}]
** Minus b2g,tbird: [https://bugzilla.mozilla.org/buglist.cgi?o0=nowordssubstr&f1=bug_group&o3=nowordssubstr&f0=product&v3=unaffected%20verified%20fixed%20disabled&o1=substring&v0=Boot2Gecko%20Testing%20MailNews%20Thunderbird%20Calendar%20SeaMonkey%20OS&o2=nowordssubstr&chfieldto=Now&chfield=resolution&chfieldfrom=2014-04-28&f3=cf_status_firefox{{ESR_CURRENT}}&f2=cf_status_firefox_esr{{ESR_CURRENT}}&chfieldvalue=FIXED&v1=core-security&v2=unaffected%20wontfix%20verified%20fixed%20affected%20disabled Security bugs fixed on mainline, status not marked for ESR{{ESR_CURRENT}}]
** [https://bugzilla.mozilla.org/buglist.cgi?keywords=sec-critical%20sec-high&keywords_type=anywords&f4=cf_last_resolved&o4=greaterthan&v4={{ESR_BRANCH_DATE}}&f0=product&o0=nowordssubstr&v0=Boot2Gecko%20Testing%20MailNews%20Thunderbird%20Calendar%20SeaMonkey%20OS%20Plugins%20Android%20iOS&f1=bug_group&o1=substring&v1=core-security&f3=cf_status_firefox{{ESR_CURRENT}}&o3=nowordssubstr&v3=unaffected%20verified%20fixed%20disabled&resolution=FIXED&o2=nowordssubstr&f2=cf_status_firefox_esr{{ESR_CURRENT}}&v2=unaffected%20wontfix%20verified%20fixed%20affected%20disabled&list_id=12669802 As above, but only sec-high/sec-criticals]
** [https://bugzilla.mozilla.org/buglist.cgi?keywords=sec-other%20sec-want%20sec-low&keywords_type=nowords&f4=cf_last_resolved&o4=greaterthan&v4={{ESR_BRANCH_DATE}}&f0=product&o0=nowordssubstr&v0=Boot2Gecko%20Testing20SeaMonkey%20Plugins%20iOS&f1=bug_group&o1=substring&v1=core-security&f3=cf_status_firefox{{ESR_CURRENT}}&o3=nowordssubstr&v3=unaffected%20verified%20fixed%20disabled&resolution=FIXED&o2=nowordssubstr&f2=cf_status_firefox_esr{{ESR_CURRENT}}&v2=unaffected%20wontfix%20verified%20fixed%20affected%20disabled&list_id=12669803 As the top, including Tbird, FxOS, excluding sec-lows]


* [https://bugzilla.mozilla.org/buglist.cgi?o1=notsubstring&f2=bug_group&resolution=FIXED&o0=equals&v1=%2B&f0=cf_status_firefox_esr{{ESR_CURRENT}}&bug_status=RESOLVED&bug_status=VERIFIED&f1=cf_tracking_firefox_esr{{ESR_CURRENT}}&v2=core-security&v0=affected&o2=substring Bugs marked as affected for ESR, but not tracked] - track for a release or wontfix
* [https://bugzilla.mozilla.org/buglist.cgi?o1=notsubstring&f2=bug_group&resolution=FIXED&o0=equals&v1=%2B&f0=cf_status_firefox_esr{{ESR_CURRENT}}&bug_status=RESOLVED&bug_status=VERIFIED&f1=cf_tracking_firefox_esr{{ESR_CURRENT}}&v2=core-security&v0=affected&o2=substring Bugs marked as affected for ESR, but not tracked] - track for a release or wontfix
Line 73: Line 76:


== ESR{{ESR_NEXT}} ==
== ESR{{ESR_NEXT}} ==
'''Note: not useful until Firefox {{ESR_NEXT}} is on Aurora or later'''
'''Note: not useful until Firefox {{ESR_NEXT}} is on Beta'''
* [https://bugzilla.mozilla.org/buglist.cgi?o0=equals&f0=cf_tracking_firefox_esr{{ESR_NEXT}}&v0=%3F ESR{{ESR_NEXT}} Nominations] - track for an upcoming ESR release, or don't track at all
* [https://bugzilla.mozilla.org/buglist.cgi?o0=equals&f0=cf_tracking_firefox_esr{{ESR_NEXT}}&v0=%3F ESR{{ESR_NEXT}} Nominations] - track for an upcoming ESR release, or don't track at all
* [https://bugzilla.mozilla.org/buglist.cgi?o0=substring&f0=flagtypes.name&v0=approval-mozilla-esr{{ESR_NEXT}}%3F ESR-{{ESR_NEXT}} approval requests] - approve/deny, make sure {{BETA_VERSION}}+ is set
* [https://bugzilla.mozilla.org/buglist.cgi?o0=substring&f0=flagtypes.name&v0=approval-mozilla-esr{{ESR_NEXT}}%3F ESR-{{ESR_NEXT}} approval requests] - approve/deny, make sure {{BETA_VERSION}}+ is set


* [https://bugzilla.mozilla.org/buglist.cgi?keywords=low%2Cmoderate&keywords_type=nowords&f1=bug_group&o3=nowordssubstr&v3=unaffected%20verified%20fixed%20disabled&o1=substring&o2=nowordssubstr&chfieldto=Now&chfield=resolution&chfieldfrom=2015-02-23&f3=cf_status_firefox{{ESR_NEXT}}&f2=cf_status_firefox_esr{{ESR_NEXT}}&chfieldvalue=FIXED&v1=core-security&v2=unaffected%20wontfix%20verified%20fixed%20affected%20disabled1&v0=Boot2Gecko%20Testing%20MailNews%20Thunderbird%20Calendar%20SeaMonkey%20OS&f0=product&o0=nowordssubstr Security bugs (not low/moderate, minus OS/TB/SM) fixed on mainline, status not marked for ESR{{ESR_NEXT}}] - mark the ESR as affected/unaffected
* [https://bugzilla.mozilla.org/buglist.cgi?keywords=sec-other%20sec-want&keywords_type=nowords&f4=cf_last_resolved&o4=greaterthan&v4={{ESR_NEXT_BRANCH_DATE}}&f0=product&o0=nowordssubstr&v0=Boot2Gecko%20Testing%20MailNews%20Thunderbird%20Calendar%20SeaMonkey%20OS%20Plugins%20Android%20iOS&f1=bug_group&o1=substring&v1=core-security&f3=cf_status_firefox{{ESR_NEXT}}&o3=nowordssubstr&v3=unaffected%20verified%20fixed%20disabled&resolution=FIXED&o2=nowordssubstr&f2=cf_status_firefox_esr{{ESR_NEXT}}&v2=unaffected%20wontfix%20verified%20fixed%20affected%20disabled&list_id=12669804 Security bugs fixed since Firefox {{ESR_NEXT}}, status not marked for ESR{{ESR_NEXT}}]
** wider net: [https://bugzilla.mozilla.org/buglist.cgi?v4=core-security&o5=substring&keywords=sec-want&keywords_type=nowords&f1=product&o7=nowordssubstr&o1=nowordssubstr&classification=Client%20Software&classification=Components&o2=nowordssubstr&v7=unaffected%20fixed%20verified%20disabled&f4=bug_group&chfieldto=Now&v5=sec-&chfield=resolution&chfieldfrom=2015-02-23&f3=OP&f2=cf_status_firefox_esr{{ESR_NEXT}}&o4=substring&chfieldvalue=FIXED&f5=keywords&j3=OR&v1=Calendar%20OS%20Testing%20SeaMonkey%20Mozilla&f6=CP&v2=unaffected%20wontfix%20verified%20fixed%20affected%20disabled&f7=cf_status_firefox{{ESR_NEXT}} security bugs fixed on mainline, including sec-low/moderate and Thunderbird]
** [https://bugzilla.mozilla.org/buglist.cgi?keywords=sec-critical%20sec-high&keywords_type=anywords&f4=cf_last_resolved&o4=greaterthan&v4={{ESR_NEXT_BRANCH_DATE}}&f0=product&o0=nowordssubstr&v0=Boot2Gecko%20Testing%20MailNews%20Thunderbird%20Calendar%20SeaMonkey%20OS%20Plugins%20Android%20iOS&f1=bug_group&o1=substring&v1=core-security&f3=cf_status_firefox{{ESR_NEXT}}&o3=nowordssubstr&v3=unaffected%20verified%20fixed%20disabled&resolution=FIXED&o2=nowordssubstr&f2=cf_status_firefox_esr{{ESR_NEXT}}&v2=unaffected%20wontfix%20verified%20fixed%20affected%20disabled&list_id=12669805 As above, but only sec-high/sec-criticals]
** [https://bugzilla.mozilla.org/buglist.cgi?keywords=sec-other%20sec-want%20sec-low&keywords_type=nowords&f4=cf_last_resolved&o4=greaterthan&v4={{ESR_NEXT_BRANCH_DATE}}&f0=product&o0=nowordssubstr&v0=Boot2Gecko%20Testing20SeaMonkey%20Plugins%20iOS&f1=bug_group&o1=substring&v1=core-security&f3=cf_status_firefox{{ESR_NEXT}}&o3=nowordssubstr&v3=unaffected%20verified%20fixed%20disabled&resolution=FIXED&o2=nowordssubstr&f2=cf_status_firefox_esr{{ESR_NEXT}}&v2=unaffected%20wontfix%20verified%20fixed%20affected%20disabled&list_id=12669806 As the top, including Tbird, FxOS, excluding sec-lows]


* [https://bugzilla.mozilla.org/buglist.cgi?o1=notsubstring&f2=bug_group&resolution=FIXED&o0=equals&v1=%2B&f0=cf_status_firefox_esr{{ESR_NEXT}}&bug_status=RESOLVED&bug_status=VERIFIED&f1=cf_tracking_firefox_esr{{ESR_NEXT}}&v2=core-security&v0=affected&o2=substring Bugs marked as affected for ESR, but not tracked] - track for a release or wontfix
* [https://bugzilla.mozilla.org/buglist.cgi?o1=notsubstring&f2=bug_group&resolution=FIXED&o0=equals&v1=%2B&f0=cf_status_firefox_esr{{ESR_NEXT}}&bug_status=RESOLVED&bug_status=VERIFIED&f1=cf_tracking_firefox_esr{{ESR_NEXT}}&v2=core-security&v0=affected&o2=substring Bugs marked as affected for ESR, but not tracked] - track for a release or wontfix
Line 86: Line 90:
* [https://bugzilla.mozilla.org/buglist.cgi?f1=cf_tracking_firefox_esr{{ESR_NEXT}}&o1=equals&o2=nowordssubstr&f2=cf_status_firefox_esr{{ESR_NEXT}}&v1={{BETA_VERSION}}%2B&v2=fixed%20verified%20disabled%20wontfix%20unaffected Bugs that need to be fixed on ESR{{ESR_NEXT}} this cycle] - follow up with the engineers
* [https://bugzilla.mozilla.org/buglist.cgi?f1=cf_tracking_firefox_esr{{ESR_NEXT}}&o1=equals&o2=nowordssubstr&f2=cf_status_firefox_esr{{ESR_NEXT}}&v1={{BETA_VERSION}}%2B&v2=fixed%20verified%20disabled%20wontfix%20unaffected Bugs that need to be fixed on ESR{{ESR_NEXT}} this cycle] - follow up with the engineers
* [https://bugzilla.mozilla.org/buglist.cgi?f1=cf_tracking_firefox_esr{{ESR_NEXT}}&o1=equals&o2=nowordssubstr&query_format=advanced&f2=cf_status_firefox_esr{{ESR_NEXT}}&v1=%2B&v2=%20fixed%20verified Tracked, but not for a specific version] - follow up and decide on what version of the ESR these fixes should go into
* [https://bugzilla.mozilla.org/buglist.cgi?f1=cf_tracking_firefox_esr{{ESR_NEXT}}&o1=equals&o2=nowordssubstr&query_format=advanced&f2=cf_status_firefox_esr{{ESR_NEXT}}&v1=%2B&v2=%20fixed%20verified Tracked, but not for a specific version] - follow up and decide on what version of the ESR these fixes should go into
== B2G18 ==
NOTE: Post-merge, we'll likely need to create new static links for 20+ b2g bugs (still landing to v1.1, along with 21+ bugs)
* [https://bugzilla.mozilla.org/buglist.cgi?type1-0-0=equals;list_id=5417323;field0-0-0=flagtypes.name;query_format=advanced;value1-0-0=core-security;type0-0-0=substring;value0-0-0=approval-mozilla-b2g18%3F;field1-0-0=bug_group B2G-18 security approval requests] - approve/deny, make sure {{BETA_VERSION}}+ is set
* [https://bugzilla.mozilla.org/buglist.cgi?type0-1-0=nowordssubstr;list_id=5417475;field0-1-0=cf_status_b2g18;field0-0-0=bug_group;chfieldto=Now;query_format=advanced;chfield=resolution;value0-2-0=unaffected%20verified%20fixed%20disabled;chfieldfrom=2012-10-08;value0-1-0=unaffected%20wontfix%20verified%20fixed%20affected%20disabled;chfieldvalue=FIXED;field0-2-0=cf_status_firefox18;type0-0-0=equals;value0-0-0=core-security;type0-2-0=nowordssubstr Security bugs fixed on mainline, status not marked for B2G18] - mark B2G as affected/unaffected
** [https://bugzilla.mozilla.org/buglist.cgi?o5=substring&list_id=8461921&o1=nowordssubstr&o2=nowordssubstr&v5=core-security&chfield=resolution&chfieldfrom=2012-10-08&chfieldvalue=FIXED&j4=OR&v1=Thunderbird%20mail%20seamonkey%20services%20calendar%20testing&v2=unaffected%20wontfix%20verified%20fixed%20affected%20disabled&f1=product&o3=nowordssubstr&v6=sec-critical%20sec-high&v3=unaffected%20wontfix%20verified%20fixed%20affected%20disabled&classification=Client%20Software&classification=Components&o6=anywordssubstr&f4=OP&chfieldto=Now&query_format=advanced&f3=cf_status_firefox18&f2=cf_status_b2g18&f5=bug_group&f6=keywords security bugs fixed on mainline, status not marked for B2G18] (alternate query, includes high priority unhidden bugs, skips Thunderbird et al)
* [https://bugzilla.mozilla.org/buglist.cgi?type0-1-0=notsubstring&list_id=5417254&field0-1-0=cf_tracking_b2g18&field0-0-0=cf_status_b2g18&resolution=FIXED&query_format=advanced&value0-2-0=core-security&value0-1-0=%2B&bug_status=RESOLVED&bug_status=VERIFIED&field0-2-0=bug_group&type0-0-0=equals&value0-0-0=affected&type0-2-0=equals Security bugs marked as affected for B2G, but not tracked] - track for a release or wontfix
* [https://bugzilla.mozilla.org/buglist.cgi?field0-3-0=bug_group;type0-1-0=equals;list_id=5417343;field0-1-0=cf_status_b2g18;field0-0-0=cf_status_firefox{{BETA_VERSION}};value0-3-0=core-security;query_format=advanced;value0-2-0={{BETA_VERSION}}%2B;value0-1-0=affected;type0-3-0=equals;field0-2-0=cf_status_b2g18;type0-0-0=anywordssubstr;value0-0-0=fixed%20verified;type0-2-0=notequals Security bugs that may need to land now] - {{BETA_VERSION}}+ if necessary, or wontfix
* [https://bugzilla.mozilla.org/buglist.cgi?type0-1-0=equals;list_id=5417399;field0-1-0=cf_status_b2g18;field0-0-0=target_milestone;query_format=advanced;value0-2-0=core-security;value0-1-0=affected;bug_status=RESOLVED;bug_status=VERIFIED;field0-2-0=bug_group;type0-0-0=substring;value0-0-0={{BETA_VERSION}};type0-2-0=equals Security bugs that also may need to land now]
* [https://bugzilla.mozilla.org/buglist.cgi?type0-1-0=nowordssubstr;list_id=5417386;field0-1-0=cf_status_b2g18;field0-0-0=cf_tracking_b2g18;value0-1-0=fixed%20verified%20disabled%20wontfix%20unaffected;type0-0-0=equals;value0-0-0={{BETA_VERSION}}%2B;type0-2-0=equals;query_format=advanced;value0-2-0=core-security;field0-2-0=bug_group Bugs that need to be fixed on B2G18 this cycle] - follow up with the engineers
== B2G26(v1.2) ==
* [https://bugzilla.mozilla.org/buglist.cgi?o5=substring&f1=product&v6=sec-critical%20sec-high&o3=nowordssubstr&list_id=8780228&o1=nowordssubstr&classification=Client%20Software&classification=Components&o6=anywordssubstr&o2=nowordssubstr&f4=OP&v5=core-security&chfieldto=Now&query_format=advanced&chfield=resolution&chfieldfrom=2013-10-28&f2=cf_status_b2g_1_2&chfieldvalue=FIXED&j4=OR&f5=bug_group&v1=Thunderbird%20mail%20seamonkey%20services%20calendar%20testing&f6=keywords&v2=unaffected%20wontfix%20verified%20fixed%20affected%20disabled Security bugs fixed on mainline, status not marked for 1.2 ] - mark status-b2g-v1.2: as affected/unaffected/wontfix


= ESR Timeline and Activities =
= ESR Timeline and Activities =
Line 108: Line 96:
* for potential ESR uplifts
* for potential ESR uplifts
* to review uplift requests
* to review uplift requests
* to follow up on approved uplifts that have not landed.
* to follow up on approved uplifts that have not landed
* Note: if you don't have [https://www.mozilla.org/en-US/about/governance/policies/security-group/bugs/ security bug access], please ask another release manager to check the sec-critical bugs to nominate them and cc you.
 
=== Week 4 ===  
=== Week 4 ===  
Tue: Send [[Release_Management/ESR_Landing_Process#Smoke_Test_Request|smoke test e-mail]] to enterprise list
Tue: Send [[Release_Management/ESR_Landing_Process#Smoke_Test_Request|smoke test e-mail]] to enterprise list
Line 115: Line 105:
Mon:
Mon:
# Kick off RC build in ship-it
# Kick off RC build in ship-it
# Send [[Release_Management/ESR_Landing_Process#Go_To_Build_for_ESR_Candidate|go to build e-mail]] for ESR candidate to release-drivers.
# Send [[Release_Management/ESR_Landing_Process#Go_To_Build_for_ESR_Candidate|go to build e-mail]] for ESR candidate to release-drivers. (This happens automatically if you fill in the form in ship-it)
# Create release notes in Nucleus
# Create release notes in Nucleus


Line 124: Line 114:
All happens after mainline release goes live (usually 8am Pacific time)
All happens after mainline release goes live (usually 8am Pacific time)
# You must have received sign off for esr-cdntest updates from QA
# You must have received sign off for esr-cdntest updates from QA
# Talk with sec team to coordinate timing for sec advisories going live
# Send [[Release_Management/ESR_Landing_Process#Request_to_push_release_to_esr_channel|push release to esr channel e-mail]] request for releng to r-d
# Send [[Release_Management/ESR_Landing_Process#Request_to_push_release_to_esr_channel|push release to esr channel e-mail]] request for releng to r-d
# Mark release notes as public in Nucleus
# Mark release notes as public in Nucleus
# Update [http://viewvc.svn.mozilla.org/vc/libs/product-details/history product details in SVN] ([[Release_Management/Release_Notes_and_Product_Details|instructions]], remember to push the [[Release_Management/Release_Notes_and_Product_Details#Completion_Checklist|big red button]])
# Update [http://viewvc.svn.mozilla.org/vc/libs/product-details/history product details in SVN] ([[Release_Management/Release_Notes_and_Product_Details|instructions]]; add the version to history/firefoxHistory.class.php and update the constant in FIREFOX_ESR.php)
# Add release to [[Releases|historical releases page]]
# Add release to [[Releases|historical releases page]]
# Post [[Release_Management/ESR_Landing_Process#Release_Announcement|release announcement]] to enterprise mailing list
# Post [[Release_Management/ESR_Landing_Process#Release_Announcement|release announcement]] to enterprise mailing list
# Update as needed the wiki template values - [[Release_Management/ESR_Landing_Process#CURRENT_TEMPLATE_VALUES]] - at the very least you are bumping the dot version of the current ESR
# File bugs in the BMO: Adminstration component to create and remove ESR related tracking flags and attachment flags at the boundaries between major versions. Examples can be found in this bugzilla query: https://bugzilla.mozilla.org/buglist.cgi?list_id=12657880&short_desc=esr%20flag&resolution=FIXED&query_format=advanced&short_desc_type=allwordssubstr


== Sample E-mails ==
== Sample E-mails ==
Line 135: Line 128:
Subject: Request: Smoke Test Firefox {{ESR_NEXT}}esr
Subject: Request: Smoke Test Firefox {{ESR_NEXT}}esr


As we approach the ESR {{ESR_NEXT}} release date of June 10th, we'd like your help in smoke testing the latest pre-release builds. Our request is not for full qualification of the builds but rather exploratory testing of internal websites and applications for which our QA team does not have access.
As we approach the ESR {{ESR_NEXT}} release date of {{FIREFOX_SHIP_DATE}}, we'd like your help in smoke testing the latest pre-release builds. Our request is not for full qualification of the builds but rather exploratory testing of internal websites and applications for which our QA team does not have access.


Please file bugs for any critical regressions that you find in Bugzilla and make sure to set the need-info? flag on release-mgmt at mozilla.com <mailto:release-mgmt at mozilla.com> in order to alert the release management team to the issues. Alternatively, you can directly email release-mgmt at mozilla.com <mailto:release-mgmt at mozilla.com> or this list.
Please file bugs for any critical regressions that you find in Bugzilla and make sure to set the need-info? flag on release-mgmt at mozilla.com <mailto:release-mgmt at mozilla.com> in order to alert the release management team to the issues. Alternatively, you can directly email release-mgmt at mozilla.com <mailto:release-mgmt at mozilla.com> or this list.
Line 149: Line 142:


ESR {{ESR_NEXT}} Windows:
ESR {{ESR_NEXT}} Windows:
https://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-mozilla-esr24/firefox-24.6.0esrpre.en-US.win32.installer.exe
https://ftp.mozilla.org/pub/mozilla.org/firefox/tinderbox-builds/mozilla-esr38-win32/latest/firefox-38.1.0esrpre.en-US.win32.installer.exe


ESR {{ESR_NEXT}} Mac OS X:
ESR {{ESR_NEXT}} Mac OS X:
https://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-mozilla-esr24/firefox-24.6.0esrpre.en-US.mac.dmg
https://ftp.mozilla.org/pub/mozilla.org/firefox/tinderbox-builds/mozilla-esr38-macosx64/latest/firefox-38.1.0esrpre.en-US.mac.dmg


ESR {{ESR_NEXT}} Linux 32 bits:
ESR {{ESR_NEXT}} Linux 32 bits:
https://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-mozilla-esr24/firefox-24.6.0esrpre.en-US.linux-i686.tar.bz2
http://ftp.mozilla.org/pub/mozilla.org/firefox/tinderbox-builds/mozilla-esr38-linux/latest/firefox-38.1.0esrpre.en-US.linux-i686.tar.bz2


ESR {{ESR_NEXT}} Linux 64 bits:
ESR {{ESR_NEXT}} Linux 64 bits:
https://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-mozilla-esr24/firefox-24.6.0esrpre.en-US.linux-x86_64.tar.bz2
https://ftp.mozilla.org/pub/mozilla.org/firefox/tinderbox-builds/mozilla-esr38-linux64/latest/firefox-38.1.0esrpre.en-US.linux-x86_64.tar.bz2
</pre>
</pre>


=== Go To Build for ESR Candidate ===
<pre style="white-space:pre-wrap;">
Subject: Please build ESR 24.5.0 build#1
Submitted to ship-it.
  changeset <changeset id>
Thanks,
<name>
</pre>
=== Request to push release to esr channel ===
=== Request to push release to esr channel ===
<pre style="white-space:pre-wrap;">
<pre style="white-space:pre-wrap;">
Line 200: Line 182:
</pre>
</pre>
[[category:Release_Management|E]]
[[category:Release_Management|E]]


= Branching Logistics =
= Branching Logistics =
When we have the overlapping ESR (and the first build of a major version number for the ESR.next - 10, 17, 24, 31, etc) we do build a separate build with its own branding from the newly minted branch.  See https://wiki.mozilla.org/Releases/Firefox_24.0.esr/BuildNotes for how to kick off the builds and http://hg.mozilla.org/releases/mozilla-esr31/rev/e91c79c4c04b for an example of the custom configs needed for that first build's partials that has to land before kicking off the build in ship-it.
When we have the overlapping ESR (and the first build of a major version number for the ESR.next - 10, 17, 24, 31, etc) we do build a separate build with its own branding from the newly minted branch.  See https://wiki.mozilla.org/Releases/Firefox_24.0.esr/BuildNotes for how to kick off the builds and http://hg.mozilla.org/releases/mozilla-esr31/rev/e91c79c4c04b for an example of the custom configs needed for that first build's partials that has to land before kicking off the build in ship-it.
[[Category:Release_Management:Processes|ESR]]

Latest revision as of 20:43, 24 July 2018


Goal:

We'd like to have a lightweight process that prevents "surprise" ESR landings at the 11th hour and makes sure ESR patches are created very soon after their related mainline patches.

REPOS

The ESR78 repo: https://hg.mozilla.org/releases/mozilla-esr78/ The ESR78 repo: https://hg.mozilla.org/releases/mozilla-esr78/

More info about the ESR

What should land on mozilla-esr78/mozilla-esr78

Security and some major stability fixes when they're landed/merged onto mozilla-beta, or fixes for regressions specific to the ESR. In the first few cycles of ESR we may be more flexible on these criteria. As the versions progress we should limit this to the most critical security fixes.

Exception: If patches only make changes to tests, test harnesses or anything else that does not affect the shipped builds, they may land with self approval (use a=testonly, a=npotb etc).

The associated flags

approval-mozilla-esr78: ?, +, -

approval-mozilla-esr78: ?, +, -

tracking-esr78: ?, -, 128+, 129+, ...

tracking-esr78: ?, -, 128+, 129+, ...

status-esr78: ?, unaffected, wontfix, affected, checkin-pending, fixed, verified

status-esr78: ?, unaffected, wontfix, affected, checkin-pending, fixed, verified

The process

1) When an engineer believes that a stability bug needs to be addressed for the ESR, or a security fix that's landed on a branch affects the ESR:

  • Set tracking-firefox-esr78 (and if we're in the middle of supporting 2 versions, then also tracking-firefox-esr78) to ?
  • Set status-firefox-esr78 (and if we're in the middle of supporting 2 versions, then also status-firefox-esr78) to affected if an ESR patch is still being worked on
  • Set approval-mozilla-esr78 (and if we're in the middle of support 2 versions, then also approval-mozilla-esr78) to ? and status-firefox-esr78/78 to checkin-pending if a patch is ready to land on mozilla-esr78/78

2) Members of both Security and Release Management teams will triage tracking-firefox-esr78/78=?, and if agreement is that it's needed for the ESR, the tracking flag will be set to the first version of mainline Firefox that the patch is present in and the approval-mozilla-esr78/78 flag will be set to +.

  • In the case of an ESR-specific regression, we'll track for the next ESR release.
  • Why are we using mainline versions to track the ESR? According to the ESR proposal, a chemspill uses a minor version number, thus throwing off our tracking flags. Additionally, engineers shouldn't have to know what version of the ESR we're on.

3) Once the mozilla-beta version matches the tracking-firefox-esr78/78 version(s), Security and Release Management teams will triage those bugs and make sure affected/checkin-pending fixes are landed at least 1 week prior to release so that we can go-to-build.

  • Approval is required, so add "a={whoever set the approval-mozilla-esr78 flag to +}" to the commit message.
  • After landing the patch, set status-firefox-esr78/78 to "fixed".
  • Our beta period for the ESR will be to push this build to FTP a week early for qualification by enterprises.

ESR Triage Queries

CURRENT TEMPLATE VALUES

ESR_CURRENT (click to edit): 78

ESR_BRANCH_DATE (click to edit): 2019-05-20 // Firefox 78 beta branch date

ESR_NEXT (click to edit): 78

ESR_NEXT_BRANCH_DATE (click to edit): 2020-06-01 // Firefox 78 beta branch date

ESR78


ESR78

Note: not useful until Firefox 78 is on Beta


ESR Timeline and Activities

Weekly

Review ESR queries

  • for potential ESR uplifts
  • to review uplift requests
  • to follow up on approved uplifts that have not landed
  • Note: if you don't have security bug access, please ask another release manager to check the sec-critical bugs to nominate them and cc you.

Week 4

Tue: Send smoke test e-mail to enterprise list

Week 5

Mon:

  1. Kick off RC build in ship-it
  2. Send go to build e-mail for ESR candidate to release-drivers. (This happens automatically if you fill in the form in ship-it)
  3. Create release notes in Nucleus

Release Week

Monday: ESR sign off on esr-localtest channel should have been received, so now email release-drivers list to request the push to esr-cdntest (more on these channels in Releases/Update_Channels.

Release Day

All happens after mainline release goes live (usually 8am Pacific time)

  1. You must have received sign off for esr-cdntest updates from QA
  2. Talk with sec team to coordinate timing for sec advisories going live
  3. Send push release to esr channel e-mail request for releng to r-d
  4. Mark release notes as public in Nucleus
  5. Update product details in SVN (instructions; add the version to history/firefoxHistory.class.php and update the constant in FIREFOX_ESR.php)
  6. Add release to historical releases page
  7. Post release announcement to enterprise mailing list
  8. Update as needed the wiki template values - Release_Management/ESR_Landing_Process#CURRENT_TEMPLATE_VALUES - at the very least you are bumping the dot version of the current ESR
  9. File bugs in the BMO: Adminstration component to create and remove ESR related tracking flags and attachment flags at the boundaries between major versions. Examples can be found in this bugzilla query: https://bugzilla.mozilla.org/buglist.cgi?list_id=12657880&short_desc=esr%20flag&resolution=FIXED&query_format=advanced&short_desc_type=allwordssubstr

Sample E-mails

Smoke Test Request

Subject: Request: Smoke Test Firefox {{ESR_NEXT}}esr

As we approach the ESR {{ESR_NEXT}} release date of {{FIREFOX_SHIP_DATE}}, we'd like your help in smoke testing the latest pre-release builds. Our request is not for full qualification of the builds but rather exploratory testing of internal websites and applications for which our QA team does not have access.

Please file bugs for any critical regressions that you find in Bugzilla and make sure to set the need-info? flag on release-mgmt at mozilla.com <mailto:release-mgmt at mozilla.com> in order to alert the release management team to the issues. Alternatively, you can directly email release-mgmt at mozilla.com <mailto:release-mgmt at mozilla.com> or this list.

Thank you for your continued support in ensuring high quality ESR releases.

<name>
Firefox Release Manager


*NOTE*: Do not deploy any of the pre-release builds listed below. These pre-release builds will not update correctly and will not be supported by Mozilla.


ESR {{ESR_NEXT}} Windows:
https://ftp.mozilla.org/pub/mozilla.org/firefox/tinderbox-builds/mozilla-esr38-win32/latest/firefox-38.1.0esrpre.en-US.win32.installer.exe

ESR {{ESR_NEXT}} Mac OS X:
https://ftp.mozilla.org/pub/mozilla.org/firefox/tinderbox-builds/mozilla-esr38-macosx64/latest/firefox-38.1.0esrpre.en-US.mac.dmg

ESR {{ESR_NEXT}} Linux 32 bits:
http://ftp.mozilla.org/pub/mozilla.org/firefox/tinderbox-builds/mozilla-esr38-linux/latest/firefox-38.1.0esrpre.en-US.linux-i686.tar.bz2

ESR {{ESR_NEXT}} Linux 64 bits:
https://ftp.mozilla.org/pub/mozilla.org/firefox/tinderbox-builds/mozilla-esr38-linux64/latest/firefox-38.1.0esrpre.en-US.linux-x86_64.tar.bz2

Request to push release to esr channel

Subject: Please push Firefox 24.5.0esr build #1 to the ESR channel

Hello,

QA has signed off on the desktop release. Please push ESR to the esr release channel. 

Thanks,
<name>

Release Announcement

Subject: Firefox 24.6.0esr released

I'm pleased to announce the release of Firefox ESR 24.6.0. This release includes security fixes in line with Firefox 30.

You can find installers for Windows / Mac OS X / GNU/Linux here:
https://www.mozilla.org/en-US/firefox/organizations/all/

And the release notes are available here:
https://www.mozilla.org/en-US/firefox/24.6.0/releasenotes/

<name>
Firefox Release Manager

Branching Logistics

When we have the overlapping ESR (and the first build of a major version number for the ESR.next - 10, 17, 24, 31, etc) we do build a separate build with its own branding from the newly minted branch. See https://wiki.mozilla.org/Releases/Firefox_24.0.esr/BuildNotes for how to kick off the builds and http://hg.mozilla.org/releases/mozilla-esr31/rev/e91c79c4c04b for an example of the custom configs needed for that first build's partials that has to land before kicking off the build in ship-it.

Retrieved from "https://wiki.allizom.org/index.php?title=Release_Management/ESR_Landing_Process&oldid=1197894"