The workflows we use for Tor Browser are kinda peculiar.

When you manage a fork, you need a strategy to stay updated with upstream. We create a new branch for every new Firefox release and cherry-pick our previous commits on top of it.

The advantage over merging is that our patches always stay in a single and compact block of commits. So, it is trivial to tell our commits from upstream, and users can easily verify we do not modify Firefox outside those commits (we keep the commit hashes of gecko-dev, the official GitHub mirror of Mozilla's mercurial repositories).

There are also disadvantages: keeping fewer commits helps with this workflow. Therefore, our commits have a meaning of “feature”, not of “change”. Thus, we constantly update them, and the history of a patch becomes hard to follow.

And most importantly, this workflow requires frequent rebases, with the risk of losing some changes. To mitigate it, every new branch goes through a review process before we switch to it.

The main tools we use are git range-diff to check single commits and “diff-of-diffs” to check the patch set as a whole. … [Leggi il resto]