[tor-project] Tor Browser team meeting notes, 23 April
Georg Koppen
gk at torproject.org
Thu Apr 25 06:37:00 UTC 2019
Hello!
Due to Easter we had our weekly meeting on Tuesday this week (same time,
same location, though). The IRC log can be found at
http://meetbot.debian.net/tor-meeting2/2019/tor-meeting2.2019-04-23-17.31.log.txt
and our pad items are pasted below:
Discussion:
- tbb-8.5-must tickets and 8.5 release (GeKo: We plan to get the
building for 8.5 started next week)
GeKo:
Last week:
- mostly offline, trying to do some vacation
This week:
- backlog processing
- getting back to reviews
- back to work on Tor Browser 8.5 blockers starting with missing
localization for mobile (#30069)
- I am still missing self-feedback from some of you (not naming
names)
sysrqb:
Last week:
- Alpha release
- TOPL review (#30199, #27609)
- Reviewed Google Play analytics, opened tickets for reported
crashes
- Opened and began investigating #30239
This week:
- Finish investigating and start writing patch for #30239
- Work on animation for #28329
antonela:
Last week:
- Tried to be offline.
This week:
- #25658, what is left here? Anything needed on my side? (GeKo: I
think we are good here for 8.5; we should pick up the missing
site-permissons in May, I think)
- #28800, still in April? -
https://trac.torproject.org/projects/tor/ticket/28800 (GeKo: no, that's
more for May)
- #27399, #29955 could we sync on it? (GeKo: yes, let's do that
in the next days)
- #30000, in progress
- DRL review, O3 GeKo, could we sync about this objective to be
in the same page? Deadline is Friday (GeKo: sure)
acat:
Last week(s):
- 24622: Torcrazybutton can't decipher website s3.amazonaws.com
- 30115: NoScript's XSS popup breaks circuit display in some cases
- 30171: Always accepting third party cookies seems to break first
party isolation
- 26607: verify that subpixel accuracy of window scroll properties
does not add fingerprinting risk
- 26608: investigate <link rel="preload">)
This week:
- Follow up 26607
- More fingerprinting (if there is nothing with more priority)
26599: investigate CSS masks feature for fingerprinting potential
26602: investigate whether CSS clip-path adds a fingerprinting risk
26601: investigate whether SVGGeometryElement introduces a
fingerprinting vector
26605: investigate window.requestIdleCallback() for possible timing
leaks
[Tom] Looking at bugzilla,
https://bugzilla.mozilla.org/show_bug.cgi?id=467035 and
https://bugzilla.mozilla.org/show_bug.cgi?id=1461454 may be active
fingerprinting vectors I'd suggest reviewing the status of (GeKo: I'll
look into that and file at least tickets if needed)
mcs and brade:
Past two weeks:
- #29768 (Introduce new features to users in Tor Browser).
- #30104 (browser onboarding: 8.5 security level image includes
English text).
- Posted patch for #29045 (ask tor to leave dormant mode).
- #30000 (Integrating client-side authorization to onion
services v3).
- set up and experimented with v2 and v3 onion services that
have client authorization enabled.
- Helped with triage of incoming tickets.
- Code reviews.
- Completed our self-evaluations for the Tor employee/team
feedback process.
- Took some time off for Easter.
This week:
- #30000 (Integrating client-side authorization to onion
services v3)
- Finalize travel plans for the Stockholm meeting.
tjr
- Sent mail about letterboxing
- Next step: I'd like to get a Yay or Nay on the proposed solution.
(It's very similar to the current rounding of 200x100) (GeKo: I look
closer at it this week)
Can people test in Nightly using the pref string, or should I bake
the logic in there so people only have to toggle the pref on?
- Then try to backport to 60 for TB Alpha testing?
boklm:
Past two weeks:
- helped build 8.5a11, published it and followed comments on the
blog
- did some cleanup on dist.tpo (#30204)
- some reviews
- updated patch for #29981 (Add option to build without using
containers)
- made patch for #30089 (Use apksigner instead of jarsigner)
This week:
- Finish fixing #27137 and disable all currently failing tests
- Make some patch for #26907 (Guard against failures during MAR
file generation)
- Travel plans for the Stockholm meeting
pili:
Last week:
- vacation
This week:
- Submitted google season of Docs application - ideas reviews
still welcome:
https://trac.torproject.org/projects/tor/wiki/doc/GoogleSeasonOfDocs2019
- S27 roadmapping
- Need to think about how to deal with orbot tickets (GeKo: I
think we should call a meeting with n8fr8 and nail things down, finally)
pospeselr:
Last weeks:
- #27503 investigation (widl is at least partially to blame here)
- filed several bugs with wine devs with min repros
demonstrating invalid tlb generation
- submitted a patch for one of the issues
- misc nextcloud admin'y things
- reviewed the 'Decks' app
This week:
- working on widl patches
sisbell:
Last week:
- #30162: Tor bootstrap process stuck. Investigated. Confirmed this
is due to previous tor process running. Opened some issues in TOPL
regarding fixes
- #30272: Opened this issue - startup doesn’t handle loss of
connection like airplane mode
-#30166: Custom bridge - fixed issue
- TOPL Pull request approved and merged into their master.
This Week:
- Fixes for #30162 - there are a few issues surrounding this to
improved startup
- #30168 : Cleanup tor-browser-build for TOPL fixes. Specifically fix
Orbot issue #199 - Move resources from orbotservice to main app
- Do self-review
Georg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20190425/4ebed4bb/attachment.sig>
More information about the tor-project
mailing list