Releases/Firefox 3.5.2/Post Mortem: Difference between revisions
< Releases | Firefox 3.5.2
Jump to navigation
Jump to search
No edit summary |
Samuelsidler (talk | contribs) (→Notes) |
||
| Line 33: | Line 33: | ||
== Notes == | == Notes == | ||
(to be | * in general, development went okay | ||
* need to work on advisories getting out earlier / on time | |||
** some confusion because of the expediency of this release | |||
** get bsterne mozilla.org check-in access (bsterne; ss will vouch) | |||
* starting builds because we were under embargo hurt us | |||
** in this case, closed source won because they could check in without anyone knowing | |||
** need to work with security researchers to make this not an option on the table (dveditz/lucas) | |||
* lots of great help from all over QA including the community | |||
** a set of trusted QA community helped test this release so we could ship fast | |||
** all around good QA work | |||
** developers also helped a bunch with verifications | |||
* need better idea of driver hand off | |||
** QA was ready to go to bed with 3.0.13 on Friday night | |||
** no decision until Saturday afternoon | |||
** wasn't clear which driver to ping to get it done (ss) | |||
* l10n makefile change messed up repacks | |||
** need to get such changes better tested before they land | |||
** automated tests for such changes should be required (ss) | |||
* faster signing worked great | |||
** had to resign because of the l10n issues | |||
** went *really* fast, which was great | |||
* pulling major update snippets at the last minute wasn't good | |||
** manual task, prone to possible mistakes | |||
** wasn't clear why it was happening | |||
** needs to get communicated better what's happening and why via r-d | |||
** wasn't communicated post-release either | |||
** a follow-up discussion should occur on this (ss) | |||
* XULRunner builds happened at the same time | |||
* partner builds didn't happen at the same time | |||
** automation for partner builds not ready yet | |||
** hoping to have ready soon (joduinn) | |||
* pages we pushed this time were more-or-less fine | |||
** some work being done in the future to improve the messaging (jslater, beltzner) | |||
** be sure to get sign off for these after changes are made | |||
* kubla was slow, like usual | |||
** loading the page with so many locales takes too long | |||
** follow up bugs to file and push on | |||
** need to get bugs fixed and pushed on (ss) | |||
* DoS against EV provider caused AMO to "go down" for Firefox users only | |||
** DoS likely caused by us and our users... | |||
** working with GlobalSign to ensure they're ready for our users | |||
** clearly wasn't the case this time, but we're following up (mrz) | |||
* several antivirus vendors claimed we had a virus (false positive) | |||
** caused by a change in compression for installers | |||
** part of new signing process | |||
** Tomcat followed up with vendors to get fixes out | |||
** worked okay this time, but need to notify them next time | |||
** maybe not take these changes during firedrill releases | |||
Latest revision as of 22:32, 7 August 2009
This is the agenda and notes from the post mortem for Firefox 3.0.13 and 3.5.2 that took place on August 6 at 1pm PDT.
Agenda
Please add your issues to the relevant section below.
Topics:
Development/Security
- MFSAs online ahead of time? Put them on mozilla.com in the release notes as well?
- It would have been nice if we could have started builds prior to Wednesday afternoon. How can we keep from having embargoed bugs in the future?
QA
- 3.0.13 was ready for beta early Sat morning. Decision did not come until later.
- waited 10pm friday until 4pm saturday
- Really great collaboration with some of the developers in bug verification
Build
- Tripped on l10n makefile change. needed to redo l10n repacks/signing/updates.
- New signing worked nicely; needed it for all the re-signing
- This time, we pulled the 3.0.12 -> 3.5.1 major update before shipping at ss' request. Why? Should we continue to do that?
- rationale could be shared pre or post fact in release-drivers [juanb]
- did xulrunner builds at same time
- didnt do partner builds automatically
Web work
- Make sure both product & marketing teams are clear (and agree) on content objectives for what's new page.
IT
- Denial of service on ocsp.globalsign.net caused by everyone trying to validate our EV cert on addons.mozilla.org (bug 508408)
Other
- Several anti-virus products detected the Windows 3.0.13 and 3.5.2 installers as infected (false positive) (bug 508012)
Notes
- in general, development went okay
- need to work on advisories getting out earlier / on time
- some confusion because of the expediency of this release
- get bsterne mozilla.org check-in access (bsterne; ss will vouch)
- starting builds because we were under embargo hurt us
- in this case, closed source won because they could check in without anyone knowing
- need to work with security researchers to make this not an option on the table (dveditz/lucas)
- lots of great help from all over QA including the community
- a set of trusted QA community helped test this release so we could ship fast
- all around good QA work
- developers also helped a bunch with verifications
- need better idea of driver hand off
- QA was ready to go to bed with 3.0.13 on Friday night
- no decision until Saturday afternoon
- wasn't clear which driver to ping to get it done (ss)
- l10n makefile change messed up repacks
- need to get such changes better tested before they land
- automated tests for such changes should be required (ss)
- faster signing worked great
- had to resign because of the l10n issues
- went *really* fast, which was great
- pulling major update snippets at the last minute wasn't good
- manual task, prone to possible mistakes
- wasn't clear why it was happening
- needs to get communicated better what's happening and why via r-d
- wasn't communicated post-release either
- a follow-up discussion should occur on this (ss)
- XULRunner builds happened at the same time
- partner builds didn't happen at the same time
- automation for partner builds not ready yet
- hoping to have ready soon (joduinn)
- pages we pushed this time were more-or-less fine
- some work being done in the future to improve the messaging (jslater, beltzner)
- be sure to get sign off for these after changes are made
- kubla was slow, like usual
- loading the page with so many locales takes too long
- follow up bugs to file and push on
- need to get bugs fixed and pushed on (ss)
- DoS against EV provider caused AMO to "go down" for Firefox users only
- DoS likely caused by us and our users...
- working with GlobalSign to ensure they're ready for our users
- clearly wasn't the case this time, but we're following up (mrz)
- several antivirus vendors claimed we had a virus (false positive)
- caused by a change in compression for installers
- part of new signing process
- Tomcat followed up with vendors to get fixes out
- worked okay this time, but need to notify them next time
- maybe not take these changes during firedrill releases