[tor-project] Tor Browser Team Meeting Notes, 2 December 2019

Matthew Finkel sysrqb at torproject.org
Mon Dec 9 18:25:24 UTC 2019

Hello everyone,

Last Monday we held our weekly Tor Browser Team Meeting. The notes are

We briefly talked about team/ticket maintenance, and we are looking at
allocating funding for fixing bugs using the Bug Smashing funds we
received in August (yay!).

We held a conversation about what purpose the .mozconfig* files within
the tor-browser repository should have. We decided they should be
useful/usable for developers now, and we may change how they are
maintained in the future.

Finally we discussed a problem with localized Tor Browser installations,
where the locale of the browser may leak to websites, therefore people
who use locales that are not very popular may place themselves in small
anonymity sets. Should we warn users about this before/after they
download the browser? When and how should we do it? These are open
questions, and we're still looking for some help answering them.


    - Release
    - December ticket assignment and Reviewers
    - #32116
    - #32602 (Consider what to do about locales used by very few people)

    Last week:
      - US thanksgiving holiday travel fun
      - more flu!
      - 9.0.2-build2 build ->
      - Mozila 1594455 uplifting progress (letterboxing improvements)
      - Prototype patch for #32325 (add option to disable letterboxing
to about:preferences)
        - going to try and get this uplifted to firefox directly to
avoid having to write two rather different patches to handle our
disparate localization systems
        - screenshot: https://share.riseup.net/#Mgnlm4ZlDQO9mlUtGGZ5fg
    This week:
      - update #32116 patch with comments pointing devs to actual
mozconfig's in tor-browser-build
      - submit #32325 patch to Mozilla
      - review/comment on #32645 (Update URL bar onion indicators)
      - nail down UX design on #30570

boklm: (might be afk during meeting)
    Last week:
        - Finished first part for #25101 (Generate incremental mar files
for nightly builds)
        - Helped with build of new releases
        - Added test for #27265 (In some cases, rbm will download files
in the wrong project directory)
        - Updated patch for #32475 (Reduce the number of locales we
provide updates for in nightly)
        - Reviewed #31130 (Use Debian 10 for our Android container
        - Looked at blog comments
    This week:
        - Will be at Reproducible Builds summit the next 3 days
        - Help with publishing of the new releases
        - Work on:
            - #31988 (Generate a mar signing key for nightly builds)
            - #25102 (Add script to sign nightly build mar files)
        - Try to find some time to test rebased patch for #30334
(build_go_lib for executables)

    Last week:

    - more work on #32053 (made good progress; a patch is hopefully
ready later this week), #31597 (made good progress), and #25021 (made
not so good progress :( )

    - wrote patches for #32556, #32505, 32618

    - reviews (#32616, #32498, #32255, #32475, #25101, #32365, #32606,
#27265, #32527)

    - release prep

    - work on apple signing infrastructure update (#32173, #32556)

    - more RLBox investigation in my spare time

    This week:
        - #32053, #31597, #25021
        - start with the BIG ticket triage
        - reviews
        - more RLBox work in spare time

mcs and brade:
    Last week:
        - Enjoyed some time off for the U.S. Thanksgiving holiday.
        - Sponsor 27 work: #19757 (permanent storage of client auth keys
and associated management UI).
        - Code reviews:
            - #32498 (Update MAR_CHANNEL_ID for nightly build).
            - #32505 (Tighten our rules in our entitlements file for
        - Reviewed recent Mozilla updater changes and worked on #32616
(disable GetSecureOutputDirectoryPath() functionality).
    This week/upcoming:
        - More work on #19757 (permanent storage of client auth keys and
associated management UI).
        - Code reviews.

Jeremy Rand:
    Last week:
        - Decided to be a subversive by not taking time off for
Thanksgiving :)
        - Tested boklm's patch for #32527.
        - Debugged #32520 a bit, submitted a patch that doesn't need
        - Spent most of my dev time on non-Tor things while I'm waiting
for more feedback to show up for #30558.
    This week:
        - Address whatever review happens on #30558.
        - @pili Would it be beneficial for me to attend S27-related
meetings to provide a Namecoin perspective?  If there's stuff happening
there that's relevant, I'm happy to attend; if it's not going to be
relevant; then that's fine too and I can save my time for other things. 

    Last week:
        Release prep and building
        Some ticket reviews
    This week:
        Sending some overdue emails
        tor browser spec updates
        android signing key documentation

- opened #32645 Update URL bar onion indicators
- reviewed #21952 Onion location
- reviewed #32325 Allow letterboxing opt-in/out
- reviewed #30570 Implement per-site security settings support

    Last Week:
    - #31130 - Buster Support - small change to use snapshot repo.
Tested Android variant build
    - #32476 - Review/Comments of JNI services
    - #32534 - Review/Comment on new jtorctl implementation
    - #32501 - Fixed formatting in TorSettings interface (TOPL) - ready
for review
    - #32516 - Write methods in TorConfigBuilder - fixed a number of
issues to make methods cleaner, more consistent.
    - #32405 - Crash after bootstrap - fixed/merged
    - Thanksgiving holiday
   This week:
    - test buster on different variants
    - #28704 Compile Tor and dependencies (#28764 SSL, #28765 LibEvent)

    Last week:
        - S9 Phase 2 report
    This week:
        - Catching up on roadmap and projects after reporting season
        - Please start tagging bugs with "BugSmashFund" and adding
points to it so we can start "using" the pot of money :)
        - Please update your November Actual Points 
        - Reminder about moving off Storm and into NextCloud - please
move any documents you want to keep to Nextcloud

- Matt

More information about the tor-project mailing list