[tor-project] Tor Browser team meeting notes, 27 Aug 2018

Georg Koppen gk at torproject.org
Mon Aug 27 19:47:00 UTC 2018


Our weekly Tor Browser meeting just finished. Here are the notes, as
usual. The IRC log is found on


and the pad items are below:

Monday August 27, 2018

     - Status of sandboxing discussion? [GeKo: We pick this up again
after the releases are out]
     - Next meeting [GeKo: next meeting is Tue 9/4, 1800UTC due to Labor
day in the US]

mcs and brade:
  Last week:
    - Investigated and posted a fix for #27221 (Tor Browser 8.0a10 wants
to update to 8.0a10).
    - Spent a little time looking at #25694 (Improve the user experience
of updating Tor Browser).
    - Worked on desktop onboarding:
      - Filed and fixed #27283 (default uitour permission does not work
with 1st party isolation).
      - Created a patch for #27213 (Update about:tbupdate to new
(about:tor) layout).
      - Completed our patches for #26962 (new feature onboarding).
  This week or soon:
    - Out of the office:
        - This Thursday and Friday (August 30 and 31).
        - Next Thursday and Friday (September 6 and 7).
    - Follow up on #26962 (new feature onboarding).
    - Comment in #27214 (Update descriptions for onboarding).
    - Do what we can for #25694 (Improve the user experience of updating
Tor Browser).
    - Fix some of the about:tor and onboarding issues that are mentioned
in #27301 (TB8.0a10 UI Bugs).
    - Review our notes from #22074 (undocumented bugs since FF52esr) and
file additional tickets if necessary.
    - Do some testing for #26251 (Adapt macOS snowflake compilation to
new toolchain).

    Last week:
        -network code review
        -being at the Tails summit
        -helped debugging the
TB8-is-caught-in-an-endless-loop-no-windows-bug (#27261)
    This week:
        -start building tb8
        -finish network review
        -PSA: I made be harder available in the internet as usual
between wed-sat due to travel and family obligations

    Last week:
        Worked on TBA-alpha preparations
        Reviewed mobile onboarding
        Began working on #26982 (httpclientandroidlib leaks information
about Android version)
        Looked at Android specific about:config preferences (#27256)
    This week:
        Patch reviews
        Maybe TBA-alpha release, maybe?
        More of #27256 and #26982
        Oh, and may be AFK on Wednesday.


    Not much. Waiting on reviews for mingw-clang, and feedback from
jacek on https://bugzilla.mozilla.org/show_bug.cgi?id=1483762

    The NSS stuff we needed in -esr60 sounds like it will land sometime
soonish, so that would unblock landing build jobs there too

    Fission stuff. Keeping an eye out for Tor concerns =)

    Last week:
        Sent a bunch of updates to  #25696
          - Copy
          - Colors
          - Update configuration
        More updates to the mobile preferences
          - #27220
          - #27271
    This week:
        Finish about:tor once for all
        More alpha bugs

    Last Weeks:
        - #13373 (RUNPATH), #24465 (libatomic): (related tickets)

            compiled but running tests

    boklm:  we set `chrpath -d $LIB` in projects/firefox/build because
of #22242. so how should we handle that for Firefox since we remove the
RUNPATH later?

    Should I just manually set `chrpath` or should we let the RUNPATH
added by selfrando, or selectively remove that?

    I had initially set selfrando to 0 so didn't discover it. but then
later I saw in the code that if selfrando is enabled, we remove the
RUNPATH for Firefox

    [boklm: not sure yet how to handle that. Can you post your current
branch in the ticket?]

    sukhe: sure, thanks.

        - #26476 (Windows crash): continuing with the log comparisonz
    This Week:
        - #27061 (langpack) when ESR 60.2 is released
        - happy to help with 8.0 release including rebasing, building,
testing :-)
        - Continue the above tasks

    Last week:
        - worked on #26149 (Add some ansible roles for tor browser
testsuite setup)
        - helped investigate updater issue (#27221) and tested the fix
made by brade and mcs
        - investigated and started fixing an rbm issue (#27265)
    This week:
        - work on #26149 (Add some ansible roles for tor browser
testsuite setup)
        - reviews if needed, and help with the 8.0 release
    After this week:
        - out of the office from 2018-09-06 to 2018-09-13 (included)

  Last Week:
      Investigated how to remove download dependencies during android
gradle build
      Created program to generate keyrings for android build files
downloaded from bintray
   This week:
      Create program to generate section of RBM config for android build
      Create program to collect sha hashes for dependencies downloaded
from google repo and add to RBM config
      [boklm: not sure generated rbm config will be easy to maintain.
Maybe this script could be doing the download directly instead of
writting rbm config?]
      Verify that RBM is no longer downloading dependencies as part of
the build
      [boklm: Could you start splitting commits from your branch (for
instance, one for adding stretch to debootstrap-image, for adding
android-toolchain, for adding the new platform definition to rbm.conf,
for fixing the rust build, etc ...), so we can start reviewing them, and
merge the parts that are ready?]

    Last Week:
        - investigated #26381 (about:tor not loading on first boot in
localized builds)

            - filed bug with mozilla (
https://bugzilla.mozilla.org/show_bug.cgi?id=1485836 )

    - tjr: I have no idea. bob is out today (bank holiday) but should be
back tomorrow.

    - Was there something about this only triggering when TB was
installed to a 'special folder'?

    - pospeselr: nope, it's a timing issue related to tor-launcher and
sandboxing on windows [GeKo: the idea was that the desktop folder might
be treated differently with sandboxing level >= 3 as the cypherpunk
reported this is not a problem in different folders]

            - root cause still a mystery

    This Week:
        - continue digging into #26381

            - try to identify which sandboxing setting is exposing the
race condition

      - dig into the tab creation logic and see if I can get some sort
of idea of what the actual failure is

      - fiddle around with the tor-launcher code and see if I can figure
out what exposes the issue from there

      - investigate whether installing to other folders makes issue go away

 Last week:
 - Wrote patch for #21787
 - Performed audit for #26611 (verify no locale leaks in ESR60 `Intl` APIs)
 - Wrote patches for #27268 (preferences cleanup), #27262 (Remove more
HTTP pipelining preferences) and #27257 (In Tor Browser prefs,
"dom.network.enabled" should have been ...)
 - Opened and close #27291 (NoScript not working on TBB/ESR60 on
Windows) after investigation
 - Tracked down #26561 (Onion images are not displayed)
 - Tracked down #26670 (Cannot allow Canvas Image Extract in tbb 8.0a9)
 - Wrote patch for #27276 (Update security slider to follow NoScript
protocol change)
 - Posted strings for #27097 (Add "Tor News" newsletter signup link in
Tor Browser)
 - Started investigation of wasm (we will disable for first stable release)
 - Met with Tor uplift team
 This week:
 - Fix #26561, #26670, #26520 (NoScript is broken with TOR_SKIP_LAUNCH=1
in ESR 60-based Tor Browser)
 - Create Tor Newsletter link (#27097)
 - More ff60-esr fingerprinting resistance things as time allows
 - Whatever's needed for next release


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20180827/421cc241/attachment-0001.sig>

More information about the tor-project mailing list