Tor Browser team meeting notes, 5 Feb 2018 - tor-project

5 Feb 2018


      Hi!
Here are the meeting notes for the Tor Browser meeting which just finished.
The transcript can be found at:
http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-02-05-18.59.log....
And here are the entries from our pad:
Monday, February 05, 2018
Discussion:
    -sessions for the meeting days
    -next meeting
boklm (maybe afk during meeting):
    Last week:
        - worked on some patches for:
            - #25111: Don't compile Yasm on our own anymore for Windows
Tor Browser
            - #24995: include git hash in tor --version
            - #20892: use sha256sums-signed-build.txt in
download_missing_versions
        - started opening sub-tickets for #18867 (Ship auto-updates for
Tor Browser nightly channel)
        - started doing some rsyncs to upload nightly builds to
nightlies.tbb.torproject.org, but rsync from an .onion seems to be too
slow to rsync everything in less than a day
        - was at FOSDEM this weekend
        - afk most of this monday
    This week:
        - fix the https-everywhere test from our testsuite
        - work on #18867 (Ship auto-updates for Tor Browser nightly channel)
        - try to fix upload of builds to nightlies.tbb.torproject.org
mcs and brade:
    Last week:
        - Commented on some of "our" bugs that are listed in Arthur's
Uplift Tracker.
        - Debugged and fixed #25089 (Special characters not escaped in
proxy password).
        - Helped a little with #25099 (Update nightly version number).
        - Reviewed the fix for #22794 (Don't open AF_INET/AF_INET6
sockets when AF_LOCAL is configured).
        - Did some bug triage, e.g., #25064 (Don't record update history).
        - Did a little work on #23136 (Moat integration):
                - Discussed backing out the SOCKS optimistic data patch.
                - Pinged dcf about creating a new meek tag for us.
                - Pinged isis regarding the problem where BridgeDB is
not returning any bridges.
Planned for this week:
        - Review the updated patch for #22794 (Don't open
AF_INET/AF_INET6 sockets when AF_LOCAL is configured).
        - For #23136 (Moat integration):
                - Assist Isis as needed with the "no bridges returned" bug.
                - Request review of Tor Launcher's Moat client
implementation.
        - Review gk's proposal for redesigning the security controls.
        - Plan Rome travel.
        - Triage the Tor Launcher bug list (set priorities, close
outdated tickets).
sysrqb:
    Last week:
        - Ran many Try builds using master and TBA branch and corrected
failures
          - I'd like to patch tor-browser.git with some small changes so
Try builds are nearly the same as official Tor Browser builds
            - I don't have much to discuss, but is there a reason for
not doing this?
        - Started `step 0` of Tor Launcher integration
          - Built a test package, but I still need to test it
        - Chatted with Arthur about Tor Launcher in TBA and the current
Tor Launcher proposal
    This week:
        - Update #19675 (Merge Orfox patches into tor-browser) with
current status and next steps
        - Write a design proposal (with igt0) for TBA (in general)
        - Decide what the minimal viable product should be for shipping TBA
          - Should we ship with tor-launcher on mobile or should we
release a version that still requires Orbot?
          - Isa, is the UX team working on designs for mobile, like a
Tor Launcher flow?
igt0:
    Last week:
        - Did few updates in the Tor Button Proposal (I still need to
add more info about language importer):
https://storm.torproject.org/shared/YzB0w-EaaSIeD8jHszY5MiyeGG7s3Br4RcTwc0FU...
        - Update the commit message and rebased with the latest tor
button version #25013
        - Ported the code from #25013 to the mobile
browser(https://github.com/igortoliveira/tor-browser/tree/tor-button-mobile)
(it doesn't work yet because the button does not exists, so
the gettorbutton method doesn't work)
          Geko, Arthur: are we going to move the tor circuit to the
address bar? (and what about the new identity?) [Arthur says: yes --
this is #24309 and #24918][It's not decided yet what to do with New
Identity but it's more  a general thing, not site-specific. Thus, I am
inclined to not move it to the address bar but have maybe an own button
for it on the toolbar given it's importance - GeKo]
    This week:
        - Add the tor button icon in the mobile menu so i can keep
integrating the tor button extension into Orfox
        - Add the language importer in the #25013
        Geko, mcs: What about the
https://trac.torproject.org/projects/tor/ticket/25126 ? do we have a
design document or should we make the current page responsive?
tjr
Still working on Timer Fuzzing, but think I have a real path forward now
Sandbox almost uplifted:
gk: Can you remind me/refresh me on what the Sandbox Exports thing
is? [That's a suggestion I got from bobowen to avoid mingw-related
crashes on win32; they said to me that this is a thing that will be
deprecated in the future IIRC and that's fine to take a different code
path - GeKo]
Bug people may be interested in:
https://bugzilla.mozilla.org/show_bug.cgi?id=1435780
pospeselr:
Last Week:
patch for #22794
This Week:
Firefox patch uplift
Sync with Pari's spreadsheet
arthuredelstein:
Last week:
Worked on uplift
https://bugzilla.mozilla.org/show_bug.cgi?id=1433357
https://bugzilla.mozilla.org/show_bug.cgi?id=1432983
https://bugzilla.mozilla.org/show_bug.cgi?id=1432983
https://bugzilla.mozilla.org/show_bug.cgi?id=1432905
https://bugzilla.mozilla.org/show_bug.cgi?id=1433517
https://bugzilla.mozilla.org/1330467 (wrestling with weird bug in
rebase)
Looked into what locales we can add (#20628).
Made some comments about security slider issues
Discussed tor-launcher strategy with sysrqb
This week
Continue uplift
Try to fix https://bugzilla.mozilla.org/1330467
Continue rebasing to mozilla-central
Yet another revision for Save As bug (#22343)
isabela
Was sick most of last week.
Got the extension for sponsor4 negotiated (also added 2 small tasks,
so we could receive remaining funds from this grant)
Working on sponsor8 report (late cuz i was sick) - will follow up
with mobile team after meeting
hopefully meet this wed and catch up on the circuit display work
GeKo:
    Last week:
        -worked on #21777 and made little progress
        -wrote a patch for the .onion mixed content blocking
        -debugged sandbox related crashes on 64bit systems
        -thought a bit about Vista crashes with 7.5 (#25112)
    This week:
        -work harder on #21777
        -fix tests for the .onion mixed content blocking and put ticket
in needs_review
        -further debug sandbox related crashes on 64bit systems
Georg