[tor-project] Tor Browser team meeting notes, 8 Oct 2018
gk at torproject.org
Tue Oct 9 07:34:00 UTC 2018
We had our first weekly Tor Browser meeting in October yesterday and
here are, as usual, the link to the the IRC meeting log:
and to our meeting notes on the pad:
-Timesheets! (GeKo: they need to be submitted by 7th the following
month and approved by 10th the following month)
-status updates redux (GeKo: If you work, then please put a status
update to #tor-dev, so we all keep in sync over the week)
-team rotations (see:
for what the network team has) (GeKo: We'll start with more build duty
rotations and think about other areas where the rotation idea might be
- tjr: should i cancel the monthly mozilla sync tomorrow? Leaning
strongly towards yes. (GeKo: Yes, this got cancelled)
-secruity releases preparation (much thanks to boklm for doing
-catching up on reviews
-work on design doc (#25021) and release doc update (#25030)
-finalizing the roadmap
-getting back to staring at our reproducible build issues with
-start looking into single-locale repacks (#27466)
-tjr: when would be a good time to chat about the tb8
retrospective with focus on mozilla stuff?
- [tjr] Did Ethan & co indicate they wanted to be there?
15:00 UTC is our usual meeting time for Europe+West Coast...
-mcs/brade: do we still need to do #27239 or are we done with
the feedback for the network team? Response from mcs: We recently
commented in #27691 (a child ticket). There are a lot of tickets though,
so we should take another look and give feedback to the network team. We
may need to ask catalyst for a summary of how clients like Tor Launcher
will be affected.
mcs and brade:
Since our last meeting:
- Attended face-to-face meeting in Mexico City.
- Helped with triage of new tickets.
- Completed some code reviews.
- Tested Tor Browser 8.0 to 8.0.1 updates.
- Created a patch for #27623 (wrong default pref values in Tor
- Helped with regression #27865 (Tor Browser 8.5a2 is crashing on
- Created a patch for #27905 (many occurrences of "Firefox" in
- Investigated #27828 ("Check for Tor Browser update" doesn't seem
to do anything).
- Completed end-of-month administrative things.
- Finish post-travel paperwork.
- #27828 ("Check for Tor Browser update" doesn't seem to do anything).
- Attended the f2f Tor meeting
- decompressing from the meeting. (take a look in the notes,
double check the roadmap and so on)
- #25013 (Move TorButton code to the tor browser repository)
- Write proposal for tor button for android.
- attending Mexico meeting
- releasing security releases
- work on torbrowser testsuite
- try to make rebundling faster by generating multiple bundles
in parrallel (#27218)
- some reviews
- Generated tarball of android dependencies
- android-toolchain work and testing: #26697 #27439
- #27440 LLVM Support (fix regression)
- #27443 - Firefox: this requires some amount of rework to align
with changes in android-toolchain.
- mexico city
- fixed dev pc
- cleaned up logger built to debug #26381 (sandbox race
condition on windows)
- ping ethan on #3600
- #3600 work (disable cookies being passed through on redirects)
- [tjr] any chance you could summarize what the plan is for
this? [pospeselr] yes
- last week, was getting up to speed on the redirect cookie
problem ( https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections
seems like a good place to start here for reference)
- it looks like there are three classes we need to worry about:
HTTP redirects (302 and friends), JS redirects (window.location), and
HTML redirects (http-equiv="refresh" meta tag)
- initial plan is to prototype/hack a solution for HTTP redirects,
see what breaks (and build test page for each)
- [tjr] When you say " just disable the cookie redirect via a
pref"... what do you mean?
- rather than just blanket disabling cookie forwarding on redirect,
only do so when a pref is enabled to improve chance the patch can get
- [tjr] I still don't understand. You're on a.com. You click a link
to b.com (which sends cookies for b.com). You receive a redirect to
c.com. You're saying "We won't send cookies for c.com"?
- [pospeselr] that sounds about right, unless I'm misunderstanding
- [tjr] I don't think this is helpful. The cookies for b.com have
already been sent to b.com. There's a very limited benefit here... I
think a design document would be helpful; but it's up to you =)
- [pospeselr] the discussion can be found here:
Not my area of expertise so if there's obvious holes here I'm all
ears. Seems like concern of affiliated websites cookies being used to
auto-log you in (ie when traversing various google properties)
- putting logger up on github w/ patch that can be directly
applied to firefox for that logging goodness
- Close to landing a mingw-clang x86 job
- Close to landing pdb support for mingw-clang
- Worked on mingw-gcc jemalloc a bunch. No conclusions. Next step is to
compile esr60 with mingw-clang and see how that looks....
- Worked on the mozilla-release issue with sukhe a bit. Couldn't build
tb-alpha. This is really confusing. I wonder which will get done first:
mingw-clang or this....
- How do we decide when/whether to incorporate user feedback into Tor
Browser releases? (GeKo: There are no strict rules that govern this so
far: it depends on how many users are affected by an issue, what else we
have to do etc.)
- Finished at Mexico meeting
- Took a day off
- Worked on https://bugzilla.mozilla.org/show_bug.cgi?id=1330467 (FPI
- Patch for https://trac.torproject.org/27959 (2018 Tor Browser
- Try to finish FPI permissions
- Look at tbb/8 issues, including
- Work on donation banner code when ready
- Optimistics SOCKS if time
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the tor-project