[tor-project] Notes from April 7 2016 Vegas team meeting

[Karsten Loesing]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

See this previous posting for context:

https://lists.torproject.org/pipermail/tor-project/2016-April/000223.html

Notes from Apr 7 2016 meeting:

Shari:
1) We had a board meeting. It was pretty uneventful. The board set up
stuff they want me to accomplish by the end of June (I assisted).
Nothing too hard.
2) Job descriptions have been distributed and posted. Lots of
applicants for the administrative job. A few great applicants for the
writer job. Slim pickings for HR. So I posted it on LinkedIn.
#action: Roger will try to rope some people into a quick blog post
pointing to our three job spots.
3) Got great comments from Nick and Isa on a personnel thing, and I
should be able to incorporate them later today and send back for more.
4) Isa and I head to DC next week for DRL meetings.

Nick:
1) I wrapped sponsor S q1 stuff, with help from Yawning and Sebastian.
+1, would hack again. I had to re-scope my own view of some
deliverables to do so, but what I did is consistent with what we
promised, so... good.
2) We need to restructure the network team so that we don't have a
situation where everybody else's job is "the problem I'm most
interested in!" and Nick's job is "whatever nobody else was excited to
do." It will take a while; ***Isabela is helping.
3) We've got most of triage done for 0.2.9; waiting on the next steps
from **Isabela, which she's going to get done really soon now, so no
worries there.
4) New meeting times seem to work well. Need to get a couple of
developers to be more regular about it, though.
5) I'm waiting on the ***TBB team to put Tor 0.2.8.2-alpha into an
alpha TorBrowser, so I can see some testing on it before putting out
an 0.2.8.3-rc.
Georg says the next Tor Browser release is pushed back a week because
Mozilla is delayed. Maybe we need to do a separate "for testing" alpha
release in the meantime? Or maybe we can just point people to a
nightly? Linus still builds those right?
#action: Nick started a thread about this on #tor-dev. Karsten is helping.

Alison:
1) Membership in the community team is currently an issue. People
don't respond to mail on the list and don't really come to the
meetings. This makes me think that maybe the team needs a total
overhaul. I've been asking for feedback, but I don't want to be
dictatorial about it. I'll keep reaching out to people.
2) Lunar and I are banging out the membership doc and social contract.
We'll be sure to be inclusive at the right stages. Advice solicited.
3) Colin and I (and I hope others) have just started working on
support stuff, starting with the Tor Browser manual. This is an ideal
thing for the community team to work on together.

Isabela:
1) DRL rejected both SOIs - I will email Laura to know if we should
schedule the call they suggest on their rejection email.
2) Main goal this week is to have 029 / deliverables organized.
3) Helped Sue Abt yesterday answering her questions so she can answer
audit questions.
4) Organizing sponsorT work/report since we signed the contract with them.
5) OTF full proposal is due on April 20th (not a hard deadline, they
are flexible) - so for the coming weeks I will be working on that,
working on a presentation for DRL in DC and on DRL quarterly report.
6) And I think all of the above will hurt a little bit what I am doing
with the ux team and the www team in April / because it takes priority
over these things.
7) I talked to Marcin from SIDA last week, who said we should bug him
to followup to our SIDA proposal. I'll do that.

Roger:
1) I submitted the NSF-Dutch proposal last Friday. Success rate is
10%, so don't hold your breath. But even if we don't get it, we can
reuse the text and team for a future one.
2) PETS reviews are due tomorrow, and this month I need to prepare for
the SponsorR quarterly mtg at end of April. I've been unearthing
myself from having family visit. If there's anything you need from me
that I've forgotten, please let me know.
3) I had a good chat with Isa about support. IMO we need to decide our
goals/vision for support, and get a consensus on what our first
full-time support person will do, and then get one. I'm hoping Shari
will help lead us in that.
4) FBI allegedly has a Tor Browser exploit? It would be wise to know
if they're bluffing, or if it's obsolete, or if it's for reals. How
should we proceed? Kate says "there's an upcoming court hearing in
Washington State, perhaps we should act and rally support."
#action: Alison will lead the coordination of this topic for (among)
the people in the Vegas team. First steps, talk to Kate and Mike and
Georg.
5) Tor Messenger sure needs secure update to work. It's the single
biggest problem with using Tor Messenger now. Arlo said it would be
$12k or less -- less with help from Pearl Crescent and Nicolas. This
ties into our global priorities question, so we don't need to decide
today.
#action: Shari approves $12k, and Roger will move it forward.
6) I hear there's a hidden service hackfest being planned in Montreal
in May. Now you know.
7) In Valencia I talked to OTF about them funding an audit on
little-t-tor. They're now excited to do it, and they keep wanting to
do phone calls. Who can I pass this to?
#action: Isabela is excited for it but not now. Roger will reply
telling them May is a better timeframe.
8) Retrospective on this Vegas team format: is IRC working? Is this
Vegas thing in general working?
Consensus is that people are surprised but yes, irc seems to be
working well for the meeting.

Mike:
1) I met with funders last Friday at RightsCon and gave Shari those notes.
2) Emailing with CloudFlare; Our "Good Cop/Bad Cop" strategy with us
being the Good Cop and our users+community being the Bad Cop seems to
be working. They are moving on some things. I am still pushing for Tor
read whitelisting and way simpler captchas. I am also collecting
issues from
people who report them.
#action: Alison will help to gather more user stories.
3) Talking with Google Project Shield to try to see if they would talk
publicly about how they handle Tor (they said they don't compete
directly with CloudFlare - not the same services, so they didn't want
to make noise about it).
4) Talking with Google Search about unblocking Tor; They flagged that
disconnect.me (our Tor Browser search engine) is not using an API key
and this may violate their terms of service. I said we'd be happy to
go back to them if they unblocked us. Otherwise, I think the fight is
between
disconnect.me and Google, and we stay out of it.
5) Gave Kate some suggestions to say to Chris about the FBI 0-day and
gathering more info.

I have been dropping:
1) The Blog upgrade contract
#needs-attention: We should move forward the thread with Kevin re
contract details, and also move forward the pantheon hosting decision
thread.
2) Firefox network code review (I promised GeKo I would write up what
I had, but then the CloudFlare emails started. Will do that write-up
today, now).
3) tor-core release planning details and related work.

For next week:
I'll continue to gather user stories about the cloudflare issue, and
email them. I'm also going to meet with Isabela about release
planning, and probably also sketch an outline of the OTF proposal.

Georg:
1) We are moving slower to esr45 than I hoped but we got another week
(from Mozilla's delay), and that should be fine.
2) OS X signing works. But we have the wrong cert (app store cert vs
gatekeeper cert).
#action: Mike is going to get us a new cert.

Karsten:
1) iwakeh started working on collector and (to some smaller extent) on
metrics-lib. We had a first team meeting with iwakeh today which went
great. All in all, yay.
2) When writing my monthly report for March, I noticed that not many
people are still writing those these days. I looked at tor-reports@
archives
and found that there's roughly a dozen people and teams who write
monthly reports, which includes people here (GeKo, isabela, myself),
other people paid by Tor (asn, dgoulet, Pearl Crescent, Leiah, Colin),
very dedicated volunteers (atagar), and teams (SponsorR, Core Tor, Tor
Browser Team, OONI team). And there are a few people and teams who
occasionally write monthly reports (isis, Sebastian, Tails). But where
are the monthly reports from other people here and from other people
paid by Tor? IMHO we should either decide that it's not a requirement
anymore to write monthly reports, or we should lead by example and ask
paid team members to write reports.
#needs-attention: we should figure out a sustainable plan for keeping
everybody informed of everything. Mike pointed out that the Vegas team
structure could play a role here.
3) should we clean up and send out notes after every meeting or once
per month?
#conclusion: we should send them after every meeting
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQEcBAEBAgAGBQJXB2VSAAoJEC3ESO/4X7XBdJMH/ApBaNkJunCMxpFzGBK2LKwW
jTMmKc88ZODDODXOuAoOtdbPOfr/f6eLg25E4itob6/bnXCW+G6emuCYeVm13sZi
muLCYp5nSOGTdPVth2ydHkplyIIfoXEdCKHjA/OFeYvUqRx1rGenIL7UPwtJ+d5q
rq/epA3YbiA8+HqQWJM+4Bx0QFeMpraHdANlMI1ArVuIMXxQdBuDSvA1VTB/Dyg8
y0who/xZfuKXloRVA8389OW9Ekq2n/nKd1aGcdsLLaAyKusHcJwIeVautayHSx/E
VDYDXJxnONqy8Onq13s+mY/tA/2cOUbNnlCKVq2UvFA8ad6Td9fO8t9FrT1nVXA=
=lq3S
-----END PGP SIGNATURE-----