Hello everyone,
We held a weekly meeting on 16 March, 2020. The meeting log is available at http://meetbot.debian.net/tor-meeting2/2020/tor-meeting2.2020-03-16-17.59.lo...
During the meeting we discussed how Javascript should be handled and disabled on the Safest security level.
================================ Week of March 16, 2020
Discussion: - Should we be using Trac’s merge_ready status for tickets for which review is complete? Who should change a ticket’s state to merge_ready? - Javascript configuration on Safest
pospeselr:
Last week:
- release note reviews (#33534)
- windows update/platform documentation updates
This week:
- finish release note reviews (#33534)
GeKo:
Last week:
- not much done; a bit help with the JS bypass bug
This week:
- more design doc update (#25021)
- test new mar signing key (#33173)
- maybe working on reproducibility of lucetc (#33488)
mcs and brade: Last week: - Code reviews. - Reviewed the manual update instructions, etc. for the TB 9.5a7 release. - Replied to email query from Guardian Project people r.e. implementing Moat. This week/upcoming: - More code reviews, including rebased updater patches (#33533). - Respond to review comments in #19251 (onion services error page). - Revisit #30732 (“Your Firefox is critically out of date" banner). - Revisit #32418 (on every start TB complains that it can't update). - Investigate #29630 (TorBrowser creates empty directory in "/tmp”).
acat: Last week: - Reviews (#33482: Update about:tor donate string, #19251: TorBrowser might want to have an error page specific to when .onion links fail) - Made patch for #33342 (Disconnect search addon causes error at startup) - Revised #28005 (Officially support onions in HTTPS-Everywhere) to use securedrop testing update channel. This week: - Revise #21952 (Onion-location: increasing the use of onion services through automatic redirects and aliasing) to address review comments. - Whatever is most useful for Tor Browser ESR -> regular release migration (or Fenix): - Try to get a tor-browser-build for #33533 (Rebase Tor Browser esr68 patches on top of mozilla-central) - Take a look at fixing tests? - ...
sysrqb: Last week: - Released 9.5a7, 9.0.6, and 9.5a8 - Investigated Javascript bug on Safest security level This week: - Close-out javascript bug - Release prep for 9.0.7 and 9.5a9 - Respond to sisbell regarding Fenix questions - Look at acat's work with rebasing patches
boklm: Last week: - Tested updates in nightly builds: it seems to be working correctly - Opened upstream pull request for #33535 (Patch openssl to use SOURCE_DATE_EPOCH for copyright year) - Looked at possible workflow with quilt - Helped with new releases - Looked at blog comments This week: - Try to get rebased patches from #33533 building in tor-browser-build - Set branch for #25102 in needs_review (Add script to sign nightly build mar files, generate update-responses xml and publish the new version) - Work on testsuite setup - Work on setup of automatic rebasing of tor-browser patches on mozilla-central - Work on proposal for quilt workflow - Some reviews
Jeremy Rand: Last week: - Relayed some Namecoin feedback from Twitter and LinuxReviews to tor-talk. - Posted on r/Namecoin asking for more feedback, hopefully some more feedback will trickle in soon. - Hacked around with #32355 some more. This week: - Wait for more feedback on the Namecoin integration in Nightly. - Maybe hack around with #32355 some more.
sisbell: Last Week: - #33556: TBB for android-components - After integrating with fenix build, I identified a number of unneeded Mozilla project dependencies and removed them. Various plugin fixes. Package artifacts as maven repo. Cleaned up patches. I also identified a couple of areas further of investigation. - #33184: Support for fenix - various plugin fixes, removing of dependencies, now using android-component artifacts locally, learning build internals This Week: - #33184: Fenix - get complete build working (this will still use precompiled artifacts from Mozilla’s gecko view aar) - #33626: TBB for GeckoView - start setting this up so I can identify build dependencies for this (rust, clang). Open related issues.
pili: Last week: - trac triage - Browser team February report This week: - trac triage - Tor Browser release meeting ================================
Thanks, Matt