[tor-project] Tor Browser team meeting notes, 7 May 2018
gk at torproject.org
Mon May 7 19:34:00 UTC 2018
Here is another round of notes from our weekly Tor Browser meeting,
latest edition today.
The chat log can be found at
and our pad items were:
Monday May 7, 2018
-meeting invites (specific meeting day one day earlier?) [GeKo: We
try to have a dedicated tor browser team day before the official team
meeting day this time and see how it goes]
-how much should we care about nightlies being busted (build- and
function-wise) while having all the transitions to ESR-60 underway?
[GeKo: we'll update to newer toolchains starting with Linux presumably
breaking the other platoforms. I'll annouce that to tbb-dev and we'll
fix it as fast as we can. That way, we get the transition to ESR60 with
no additional effort while at least having nightlies on Linux available
all the time]
-reviews and release preparations
-finished macOS cross-compilation of rustc
-started looking into updating macOS toolchain
-further rebase review
-made small progress on
https://bugzilla.mozilla.org/show_bug.cgi?id=1390583 (stylo build bug
for windows); still need to figure out some missing pieces
-took 1 1/2 days off
-Richard: How is the monthly meetup with Pari going on getting
up-to-date about issues users are facing? [GeKo: not sure, Richard will
-release help (signing etc.)
-being of the month admin work (ticket keyword updates/roadmap
-finish rebase review
-macOS toolchain update
-start with the network code review ESR52-ESR60
-further bug triage
-I plan to be afk on Thursday (public holiday) and, potentially,
I think it should be possible to easily reintroduce separate
optimization settings so long as the setting exists on the JS Compartment.
I did this for Timer Precision Reduction:
MinGW Work: https://bugzilla.mozilla.org/show_bug.cgi?id=1389967
[GeKo: so, you get the browser running and now are hitting the shutdown
crashes? Do you have a patch set somewhere I could try locally to bypass
the crashes I see?]
Actually, this is in TaskCluster. Locally it seems to run (I don't
seem to be hitting the SVG Asert anymore, although I haven't changed
anything.) I have not tried esr60 actually, this one a commit midway
is my patchset, of which the most important one is
https://hg.mozilla.org/try/rev/ee28ff6445d0 to avoid runtime crashes
More investigation is needed on my part before I feel comfortable
telling you "Yes, try it, you won't be wasting your time"
- continued work on #23247 (Communicating security expectations for
- have a patch working in ~90% of cases
- built test environments for various mixed-mode scenarios
- more #23247
- there are a coupe of edge cases not explicitly covered by the
google doc, will send out an email later with details
- Arthur: one thing not accounted for with regards to this ticket is
the hanger menu off of the info/lock icon shows 'Connection is Not
Secure' and the wrong icon for https(s) onion domains
Since you've had to mess around in there for the new onion circuit
UI, could you point me to where this rendering logic is handled?
Here's where the security view and security subview are implemented
A lot is done in CSS:
And I think most of the logic is here:
mcs and brade:
Note: To accommodate a series of family events, Kathy and I will have
limited availability for Tor work from May 16 - May 30.
- Finished rebasing Tor Browser updater patches for ESR 60; tested
on Linux and Windows.
- Spent some time thinking about #25694 (improve updater UX) and
made a comment on that ticket.
- Participated in the UX/Tor Browser "sync" meeting.
- Review Matt's changes for #25750 (update Tor Launcher for ESR 60).
- Do some testing of the revised Tor Launcher in an ESR60-based browser.
- Follow up on some ESR60 updater loose ends.
- File a Bugzilla bug for #25909 (disable updater telemetry)
- Start to work on #22074 (Review Firefox Developer Docs and
Undocumented bugs since FF52esr)
- Investigated a bit more about accessibility on Fennec(#25902).
- it fires events just when the Exploration by Touch feature
- Exploration by Touch changes how the user interacts with
the apps and it must be enabled by the user, so IMO this bug doesn't
have a high priority.
- Fennec is leaking the user's OS language (#26018)
- I sent a patch to mozilla:
- HLS player on Android is not using the central Proxy Selector
- Sent a patch to mozilla:
- More linkability/fingerprinting/proxy bypass investigation on
- Tor button with 60ESR Desktop/Mobile.
- Patch for building Orfox (#25980)
- Investigated using Tor-Launcher with 60ESR and put patches
- Merged https-everywhere update for Orfox (#25603)
- Return to testing TBA patches (#25741)
- Read about igt0's investigation results on fingerprinting vectors
- Begin designing Tor Launcher for Android
- Pick up Bug1440789 again (upstream feature add-on support bug)
- Finished a new patch for #22343 (Save as... in the context
menu results in using the catch-all circuit)
- Built Tor Browser releases and confirmed and signed hashes
- Worked on getting tor-browser-build to work with rebased patches
- Today I will post the latest 25543 branch with updater
patches from mcs and brade)
- Finish getting tor-browser-build branch for Linux [OS X will
wait for #9711]
- https://bugzilla.mozilla.org/show_bug.cgi?id=1330467 (When
"privacy.firstparty.isolate" is true, double-key permissions to origin +
(Sanitize Pointer Events),
- helped build the new releases
- worked on testsuite VMs setup
- updated patches for #25817 (Add ansible scripts for setup of
nigthly build server ) and #25318 (Add Tor Browser nightly builds email
notification) after review comments
- made some progress on the binutils bisect to find commit
responsible for reproducibility issue in #16472 (Upgrade Binutils to 2.25+)
- Will be afk on Thursday and Friday
- publishing the new releases on Wednesday
- continue bisecting the binutils issue
- continue work on testsuite VMs setup
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the tor-project