Closed Bug 1495050 Opened 6 years ago Closed 6 years ago

Partner repack 137 Firefox Election Bundle

Categories

(Release Engineering :: Release Requests, enhancement)

Product:
Release Engineering
Component:
Release Requests
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: cpark, Unassigned)

References

Details

We’re partnering with ProPublica to launch a special edition Firefox Election Bundle that has their Political Ad Collector and our Facebook Container pre-installed.

We will co-market the bundle with ProPublica in October and throughout the election period. 

Funnelcake build is needed by 10/2 for marketing campaign launch on 10/4. 


Funnelcake requirements:

Windows and Mac
EN-US 

Custom firstrun URL: https://www.mozilla.org/en-US/firefox/62.0/FirefoxElection

With the following 2 extensions pre-installed:
https://addons.mozilla.org/en-US/firefox/addon/facebook-ad-collector
https://addons.mozilla.org/en-US/firefox/addon/facebook-container

Approved by Nick N - more details available in bug 1494410 (https://bugzilla.mozilla.org/show_bug.cgi?id=1494410)
Absolutely - done!
For the firstrun URL, I'm assuming the version shouldn't be hardcoded.

So:

https://www.mozilla.org/en-US/firefox/62.0.2/FirefoxElection/

for instance.

Or does it have to be 62.0?
Approved.
Thanks, Nick!

Correct, Mike - version should not be hardcoded.
Depends on: 1495061
After a bit of investigation and a conversation with Mike on Slack, I asked him to use this url instead:

https://www.mozilla.org/en-US/firefox/62.0.2/?xv=firefox-election

That's the format we've always used in the past. It's possible we could accommodate the other format if we had more development time but since it is an in product URL and not something that people will have to type in I think this is okay.
No longer depends on: 1495061
Depends on: 1495061
I'm making some build changes after discussion with catlee, want to document them here.

Funnelcakes are really intended for testing. What we're really building here is a partner build.

So I'm creating a custom Github repo for things like this and building them via that mechanism.

All the code will be exactly the same, so no testing we've done to this point is invalidated. We're just building them from a different location and they will be published to a different location.

Going forward, we should think of these as "Firefox partner builds".

(Funnelcakes and partner distros use the same internal mechanisms to do everything, we just need to be clear on naming)
Sounds like a great next step - thank you for the update!
(In reply to Mike Kaply [:mkaply] from comment #9)
> I'm making some build changes after discussion with catlee, want to document
> them here.
> 
> Funnelcakes are really intended for testing. What we're really building here
> is a partner build.

Hi Mike, to what extent do we want PI review on this? I'm asking from a security perspective, but the question probably applies to QA/perf etc. Do we want to review this like a normal Firefox release? Facebook containers has had security review (in an earlier version) but the ProPublica extension and service is external. Some due diligence might be prudent here?
(In reply to Paul Theriault [:pauljt] from comment #11)
> (In reply to Mike Kaply [:mkaply] from comment #9)
> > I'm making some build changes after discussion with catlee, want to document
> > them here.
> > 
> > Funnelcakes are really intended for testing. What we're really building here
> > is a partner build.
> 
> Hi Mike, to what extent do we want PI review on this? I'm asking from a
> security perspective, but the question probably applies to QA/perf etc. Do
> we want to review this like a normal Firefox release? Facebook containers
> has had security review (in an earlier version) but the ProPublica extension
> and service is external. Some due diligence might be prudent here?

I'm not sure I'm the right person to answer that. What are your thoughts Cherry?

It's probably at least worthwhile for PI to run through a build and make sure the Propublica addon doesn't break anything.

Going forward, we'll probably need a better process for these types of builds.
Agree on getting to a better process - Kev is leading that charge in conjunction with RelEng and Product for future partner builds and we'll follow that for Grammarly. 

For PI, Paul, can you clarify what that acronym stands for? There may be some details in bug 1494410 that answer the clearances we've gone through already: Mozilla peer review, Add-ons security review, Privacy, Policy and Legal.
> It's probably at least worthwhile for PI to run through a build and make sure the Propublica addon doesn't break anything.

Mike was referring to: https://mana.mozilla.org/wiki/display/PI/PI+Request

I also strongly support having QA verifing that it is working as expected!
Mike - any thoughts on how Stephanie can troubleshoot?
Looking at https://bugzilla.mozilla.org/show_bug.cgi?id=1450463#c24, releng has to explicitly create download links for us.

NEEDINFOing aki.

(again, with the caveat that we're going to change this URL again. This is only for testing. I'm going to have the correct partner builds spun).
Flags: needinfo?(aki)
When do we expect to have the final URL?
I'm getting it respun now, but aki can create the final URL pointing to whereever we need. I'm guessing it will be something like:

https://download.mozilla.org/?product=firefox-election-edition&os=win&lang=en-US
Created the firefox-election-edition URLs, pointing at the builds from bug 1495844.
Flags: needinfo?(aki)
Thanks Aki!

FYI, these builds don't have the new Propublica extension (it wasn't out yet).

So we'll be doing a respin tomorrow and fixing the URLs one more time.
I'm told this will be running past the US midterm elections. Do we have automation in place to keep the Firefox version and extensions updated for this "firefox-election-edition" bouncer alias?
Afaik we'll need to update the bouncer locations manually every time we ship a new Firefox on the release channel, whether that's 62.0.4 or 63.0 .
(In reply to Cherry from comment #13)
> Agree on getting to a better process - Kev is leading that charge in
> conjunction with RelEng and Product for future partner builds and we'll
> follow that for Grammarly. 
> 
> For PI, Paul, can you clarify what that acronym stands for? There may be
> some details in bug 1494410 that answer the clearances we've gone through
> already: Mozilla peer review, Add-ons security review, Privacy, Policy and
> Legal.

Who did the security review of the Propublica Add-on? Usually my team would do this, and this is the first I've heard of this.
BTW: I can't access 1494410, can you cc me please?
Note: I've completed an initial security assessment of the add-on and summarized findings in 1494410.
Summary: Funnelcake 137 Firefox Election Bundle → Partner repack 137 Firefox Election Bundle
(In reply to Paul [:pmac] McLanahan ⏰ET needinfo? me from comment #22)
> I'm told this will be running past the US midterm elections. Do we have
> automation in place to keep the Firefox version and extensions updated for
> this "firefox-election-edition" bouncer alias?

FWIW, it's currently implemented as a product with 3 locations in bouncer, rather than an alias. Doesn't make any difference to requests though.

(In reply to Aki Sasaki [:aki] from comment #23)
> Afaik we'll need to update the bouncer locations manually every time we ship
> a new Firefox on the release channel, whether that's 62.0.4 or 63.0 .

Agreed. I've filed bug 1497097 to track automating this.
We probably won't automate in the near term, but I've added a checklist item to our docs so we remember to update bouncer.

Should we continue to build the election bundle now that the mid-terms have passed though ?
Ah, thank you - we can close this bug now as the US Mid-terms have passed. No need to continue manual maintenance.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
We do need to keep building updated Election Edition builds as long as there is a link to download one on the site, which there is at:

https://www.mozilla.org/en-US/firefox/election/

Visit that page in a non-Fx browser and at the bottom is a button that links to:

https://download.mozilla.org/?product=firefox-election-edition&os=osx&lang=en-US

The build that this directs to should stay updated so that people aren't given an old and possibly insecure build of the browser. As I said in comment #22 apparently this page and build is supposed to be for elections, not just the US midterms that just happened.

Either that or this page is indeed now abandoned and a bug should be filed for it to be deleted.

NI Eric Renaud in case he has more info on the expected longevity of the page.
Flags: needinfo?(erenaud)
In that case then the manual updates should continue - the plan is to keep https://www.mozilla.org/en-US/firefox/election/ live at least until end of year. Can ping here when the timeline for the page to be deleted is decided.
Sounds good. Thanks Cherry!
Flags: needinfo?(erenaud)

Cherry, now that we're into 2019 is there any update on comment #31 ?

Flags: needinfo?(cpark)

Howdy, there is a EU campaign in the works where this could be referenced so the team would like to keep it live until May/June. We should revisit and check in again after Whistler All Hands. LMK if there are any issues with that.

Flags: needinfo?(cpark)

We've launched the EU Elections page and the bundle is no longer available to download from mozilla.org.

Component: Custom Release Requests → Release Requests
You need to log in before you can comment on or make changes to this bug.