Decide if we release 5.16.1 to mitigate the Downfall and INCEPTION speculative-execution vulnerabilities
This is about #19937 (closed).
Following our decision-making process https://tails.net/contribute/working_together/roles/release_manager/#index3h1:
- release managers: determine whether we have the capacity to prepare an emergency release, and when
  - Assuming !1215 (merged) is smooth sailing and merged on Monday morning, technically I could RM 5.16.1 on Monday+Tuesday. This would postpone a couple meetings and delay my work on Research on better communication tools (#19472 - closed). I believe the impact would be similar if boyska RM'ed it. Impact would be much smaller if anonym was in a position to RM it (I don't know).
- developers i.e. Foundations Team: assess the risk that the emergency release would cancel or mitigate; propose mitigation measures that we could recommend to users
  - AFAIK there's no PoC to exploit Downfall via a website, but there's a few PoC to exploit it from arbitrary code. So I believe this can be exploited from the execution context of Tor Browser => usually our rule of thumb would say "yes, emergency release".
  - No mitigation is available for end-users if we don't release a new Tails.
  - Next scheduled release (5.17) is 3 weeks after the earliest plausible release date of 5.16.1. That's a long exposure time.
- UX:
  - evaluate the acceptability of mitigation measures proposed by developers (not applicable)
  - remind everyone else that any extra upgrade has a UX cost (I consider myself reminded)
- technical writers: determine whether we have the capacity to document mitigation measures, and when (not applicable)

Other factors to consider regarding "if and when":
- Bonus points if we can include fixes for the main 5.15.1 bugs, that we could not fix in 5.16: #19728 (closed) and #19897 (closed). Or at least code that will make it easier for us to debug.
Edited by intrigeri