Hi! We just finished our weekly Tor Browser meeting. The chat log can be found at: http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-06-04-18.00.log.... The notes from our pad are: Monday, June 4, 2018 Discussion: sysrqb: Do we want to use the 'status:' updates during the week like the network team? [GeKo: It seems we like this idea. Need to check with the network team to not mess with their status updates] sysrqb: General question: is there an update/timeline on the new tp.o website? [GeKo: not sure actually] igt0: Last Week: - Updated #1459420 patch (HLS Player doesn't use the centralized Proxy Selector) - Still struggling with the Orfox crash, I also contacted Till from Mozilla (sysrqb: could you give a hand? yes) - Delivered my talk in the JSConfEU about fingerprinting techniques and mitigations. [GeKo: Are there slides/a recording available somewhere?] This Week: - More Orfox debugging - tweak Tor Button to make it work on mobile and initial mobile UI preparation (we need to think about what we can reuse) mcs and brade: Last week: - Reviewed and tested rebased external helper app patch (part of #25543). - Fixed #26235 (Help menu does not open in Tor Browser nightlies based on ESR60). - Started working on #22074 (Review Firefox Developer Docs and Undocumented bugs since FF52esr). This week: - File a Bugzilla bug for #25909 (disable updater telemetry) - Continue with #22074 (Review Firefox Developer Docs and Undocumented bugs since FF52esr). GeKo: Last week: - continued MAR signing key testing - finished macOS patches for new toolchain (including all the other components, not only firefox), nightlies should be available rather soon - made progress on the network review - reviews (#25859, #25650, #26204, #26235) - sent out 1:1 feedback scheduling mails This week: - finish MAR signing testing and come up with a plan for the changes we need for the next update and how we address them (#26050) - network review - more code reviews - help with the windows changes for esr60 - begin of the month admin stuff, ticket prioritization for next alpha - I'll be afk on 6/6 sukhe: Last Week: - Worked on #26204, #25837, #26073, #26216 (in progress), #26205 (in progress). Looked at Windows builds of Firefox 60ESR - Rust build question: what's the purpose of prev_version? Is there a reason we are using the source tar and not the git? I am asking because panic-abort.patch fails to apply for the Windows 32bit build. I am building on top of master with https://github.com/azadi/tor-browser-build-1/tree/bug-26204 and https://gitweb.torproject.org/user/gk/tor-browser-build.git/commit/?h=bug_26... merged [boklm: prev_version is the binary version we use for bootstrapping the build. panic-abort.patch was made on rust 1.25.0 and it seems it will need to be rebased on version 1.26.1.] This week: - Resume #26126, #26205, #26203 (Windows builds) tjr - Ethan, Tim and Gary are back! Had their first couple days. Will sync up with them this week. (Arthur says: yay!) - Expect a Tor/Mozilla sync meeting to get scheduled after all-hands, probably late day Berlin time / early morning USA time - MinGW Work - x64 Sandbox work: https://bugzilla.mozilla.org/show_bug.cgi?id=1461421 - x64 Sandbox with jemalloc: https://bugzilla.mozilla.org/show_bug.cgi?id=1466192 - Jacek will start on mingw-clang sometime soonish in https://bugzilla.mozilla.org/show_bug.cgi?id=mingw-clang and children boklm: Last week: - reviewed #26204, #26249, #9711, #25832, #25894, #25554, #25548, #26195, #26003 - updated #25860 (Clean up OpenSSL's configure options for Windows) This week: - finish reviewing #24632 (Update macOS toolchain for ESR 60) - update HEASLR patch (#12968) and try to inspect the binary to check if we are good - start looking at #26050 and #26234 (update "watershed" for ESR60-based Tor Browser) - fill upstream binutils ticket for #26148 - continue work on some ansible roles for testsuite VMs setup (#26149) pospeselr: Last week: - run without /proc patch uplift updates - seems like #23247 test failures were some intermittent issue with the ESR60 tryserver, rebased agains latest and test failures went away - localization approach of pulling strings from tor-button strings list won't work as is (due to string formatting specifiers) - problem is modifying that first line which either shows: - the various HTTPS and encryption properties (uses string formatters) OR - scary connection not encrypted message (hard coded string) - for onion https connections we would need to throw away the HTTPS info altogether and only display a constant 'onion encryption' message for the 1st line - if anyone has thoughts on this I'm all ears - started work on #26039 (<profiledir>/preferences/extension-overrides.js will not be loaded in ESR 60) - took off Friday (and Monday was Holiday) This week: - finish up #26039 patch sysrqb: - Last week: Monday was US holiday Continued work on TBA patches Looked at Orfox bug Began dogfooding nightly - This week: Rebasing and testting TBA patches on top of Arthur's Tor Browser patches (#26233) Looking at Orfox bug some more arthuredelstein: - Last week: Finished a branch for #26233 (Rebase to Firefox 61) Started work on #14952 (HTTP2 audit and patch) - This week: Try to get a patch for review for #14952 Work on #25555 (optimistic socks) and #26128 (noscript/security slider, possibly in collaboration with sukhe) Georg