[tor-dev] Nick's status report for June 2012

Nick Mathewson nickm at freehaven.net
Fri Jun 29 18:48:19 UTC 2012 

June was a pretty decent month!

With help from Mike Perry, I finished a couple of rounds of job
interviews, so we could select a new core developer.  Let's welcome
Andrea Shepard to the Tor project; she's already off to a great
start, even though she's only part-time for her first couple of
months.

I migrated the Free Haven Anonymity Bibliography
(http://freehaven.net) to git, and fixed a bunch of longstanding
bugs in it, so that its output finally passes the w3 validator.

I wrote up a couple of emails about the statuses of current
proposals, and proposals implemented in 0.2.3.x, and send them to
tor-dev.  I hope to do this every month or two.

I finally circulated my proposals for improved cell crypto (202),
and for impersonating an HTTPS server (203).

Weasel and I had a chat about how to avoid backporting all
conceivable patches to 0.2.2.x.  From now on, I'm going to
distinguish between "new stable" and "extended support stable" --
once a Tor series has been stable for long enough, it should really
get fixes for grave bugs only.

With help from many others, we tagged Tor 0.2.3.17-beta and
0.2.3.18-rc.  These fixed a lot of bugs; I think Tor 0.2.3.x is
getting close to being ready for a stable release.  Once there are
packages available for your platform, please try them out!

"I reviewed piles of code, merged a bunch of code, and fixed piles
of bugs."  This is usually the shortest sentence in my status
reports with the highest amount of time actually consumed.  For
details, see the ChangeLogs for Tor 0.2.3.17-beta and 0.2.3.18-rc
inclusive for everything that actually got merged.  If you like to
follow code getting reviewed and merged, and you have a high
tolerance for incoming email volume, I recommend the tor-bugs and
tor-commits mailing lists.

Some highlights include:

  * Tor clients now declare a less fingerprintable (and actually
    accurate, we hope!) set of ciphers in their TLS handshakes.  In
    0.2.4, this will enable us to use more secure TLS
    ciphersuites. (See bug 4744 and proposal 198.)

  * Tor now enables compiler-hardening options by default.

  * We made a quick workaround for a horrible bug in OpenSSL 1.0.1
    that prevents TLS 1.1 and TLS 1.2 from renegotiating
    successfully.

I forked a maint-0.2.3 branch from master.  Now changes to Tor 0.2.3
go into maint-0.2.3, which gets merged forward into master; changes
made only in master will appear in 0.2.4 only.

I started a new repository called "tor-next" (at
https://gitweb.torproject.org/tor-next.git).  It has two main
branches, "tor-next" and "tor-next-023".  These branches are
regenerated periodically; they contain the patches that I'm
currently considering merging to master and to maint-0.2.3
respectively.  This way, complex code can get a little testing
before I actually merge it.  If the alpha code just hasn't been
alpha enough for your tastes, and you like building from source, you
might want to give tor-next a spin.

Tor-next is automatically generated by a script; you can see it in
our "githax" repository at
https://gitweb.torproject.org/githax.git/blob_plain/HEAD:/scripts/make-tor-next

I've started merging pending things into 0.2.4.x, and reviewing
patch series which had been tagged for Tor 0.2.4.x.

I participated in a fun reddit "ask me anything" session with Runa,
Karen, and others.

I've started playing around with shadow to get it running on my
desktop.  It worked out okay, but I haven't yet managed to actually
do more with it than say, "Yup, that runs."

I've scrambled to try to get ready for the developers' meeting and
for PETS in early July.  Apparently, I'm out of practice at
arranging and preparing for travel.

Andrea and I started sketching out plans and possible schedules for
Tor 0.2.4.  We're doing okay making plans at the proposal level, but
trying to select and cost out individual tickets seems to be proving
more trouble than it might be worth.  Further, we're a bit stymied
by the state of deliverables tracking; that's going to take some
brain-dumps at the dev meeting.  Still, I'm hoping we can have a
rough plan for 0.2.4 some time before mid-July: I'd like to be able
to declare merge deadlines some time around then.

best wishes,
-- 
Nick

More information about the tor-dev mailing list