[tor-project] Tor Browser team meeting notes, 15 Jan 2018
gk at torproject.org
Tue Jan 16 13:29:00 UTC 2018
We had our second Tor Browser meeting in 2018. Here is the meeting
And the notes from the pad are:
Monday, January 15, 2018
-What about Taler (https://taler.net/en/ ) integration into Tor Browser?
-Who wants to be the PoC for Pari's helpdesk reports (following it,
amending it with tickets we already track, making sure it is correct
from a browser side etc.)? (Richard volunteered)
-I want to establish some feedback mechanism within the team by
doing a 1to1 with each team member, say at least once a year. I plan to
start this round end of June 2018
mcs and brade:
- Worked on Moat integration loose ends (#23136).
- incorporated activity spinner image from Antonela
- added support for multiple bridges returned by BridgeDB.
- reviewed dcf's patch for #24642 (cannot use
- Attended the UX + Tor Browser meeting on IRC.
- Read the Android Torbutton and Tor Launcher proposals.
- Investigated the Tor Launcher aspects of #24826 (compressed
consensus diffs stall Tor Browser launch).
- Worked on #24421 (Temporarily allow all this page and New
- Helped with triage of new tickets.
Planned for this week:
- After a test server is deployed by the Network Team, test and
put Moat integration code out for review.
- Comment on Matt's Android Tor Launcher proposal.
- Do more debugging for #24421 (Temporarily allow all this page
and New Identity).
- Work on about:tbupdate issues (#21850 and #24578; avoid using
a query string),
-fought my backlog
-ticket review (and partially merge): #24702, #23911, #23892,
#24842, #21245, #22343, and #18691
-made a bit progress on our mingw-w64/clang-based toolchain (#21777)
-wrote a patch for #23916
-worked on the Tor Browser design doc update (#21256)
-worked on the proposal for the toolbar redesign and better
understanding of security features
-started to think about our android reproducible builds and
updates for Tor Browser on Mobile
-release preparations for 7.5 and 8.0a1
-finish design doc update (#21256); aimed for Friday this week
-further work on the proposal for the toolbar redesign and
better understanding of security features
-think about some improvements to our release signing scripts
- Worked on rebasing tor-browser.git to mozilla-central. I am about
2/3 of the way through. Once all patches are rebased, I will set up on a
nightly automatic rebase script.
- Made a list of patches we should try to upstream for ESR60. I will
send the list to tbb-dev and update bugzilla where needed.
- Attended the Mozilla/Tor UX video meeting and a second meeting
with Mozilla uplift team on fingerprinting patch triage.
- Checked in https://bugzilla.mozilla.org/show_bug.cgi?id=1384309
- I will continue to work on the rebase, and also push forward
any upstreaming patches that look feasible.
- Try to move forward on https://trac.torproject.org/24309 (tor
circuit door hanger)
- If there is time, I also want to look at
https://trac.torproject.org/14952 (HTTP2 audit/patching)
- Worked some patches for:
- #24842 (debug builds are missing libasan.so.2 and
- #18691 (switch Windows builds from precise to jessie)
- #24879 (enable fetching of new commits by default for
- follow the fpcentral setup
- make our testsuite run on nightly builds
- look again at some improvements to our release signing scripts
- review #23916 (Create a new MAR signing key for Tor Browser)
- help with building of the new releases
- PoC Tor Button for Mobile(basically, I moved the code to the
tor-browser.git and started to integrate with the Firefox build system).
- Updates in the Tor Button proposal
- Reading about how tor-android(
- Finish the PoC
- Review sysrqb proposal
- Updates to the tor button proposal
- investigated more avenues regarding #15559 (Range requests used by
pdfjs are not isolated to URL bar domain); conclusion I've come to is
there no nice surgical fix here
- pdf.js seems to require the nsISystemPrincipal for range-based
requests to work properly
- the JS Context the range-requests run in are missing the original
principal and first-party domain information needed to be put on the
- looks like the best that can be done is to just disable
range-based requests, but at the cost of pdf performance
- will no longer be able to read pdfs as they load, the whole thing
has to be downloaded
- it's easy enough to disable range-request, so will have a patch up
for this later today
- will find some other (hopefully simpler) fingerprinting bug to work on
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the tor-project