[tor-project] Tor Browser Team Meeting Notes, 2 December 2019
Matthew Finkel
sysrqb at torproject.org
Mon Dec 9 18:25:24 UTC 2019
Hello everyone,
Last Monday we held our weekly Tor Browser Team Meeting. The notes are
available
http://meetbot.debian.net/tor-meeting2/2019/tor-meeting2.2019-12-02-18.29.log.txt
We briefly talked about team/ticket maintenance, and we are looking at
allocating funding for fixing bugs using the Bug Smashing funds we
received in August (yay!).
We held a conversation about what purpose the .mozconfig* files within
the tor-browser repository should have. We decided they should be
useful/usable for developers now, and we may change how they are
maintained in the future.
Finally we discussed a problem with localized Tor Browser installations,
where the locale of the browser may leak to websites, therefore people
who use locales that are not very popular may place themselves in small
anonymity sets. Should we warn users about this before/after they
download the browser? When and how should we do it? These are open
questions, and we're still looking for some help answering them.
===========================================
Discussion:
- Release
- December ticket assignment and Reviewers
- #32116
- #32602 (Consider what to do about locales used by very few people)
pospeselr:
Last week:
- US thanksgiving holiday travel fun
- more flu!
- 9.0.2-build2 build ->
https://people.torproject.org/~richard/builds/9.0.2-build2/
- Mozila 1594455 uplifting progress (letterboxing improvements)
https://bugzilla.mozilla.org/show_bug.cgi?id=1594455
- Prototype patch for #32325 (add option to disable letterboxing
to about:preferences)
- going to try and get this uplifted to firefox directly to
avoid having to write two rather different patches to handle our
disparate localization systems
- screenshot: https://share.riseup.net/#Mgnlm4ZlDQO9mlUtGGZ5fg
This week:
- update #32116 patch with comments pointing devs to actual
mozconfig's in tor-browser-build
- submit #32325 patch to Mozilla
- review/comment on #32645 (Update URL bar onion indicators)
- nail down UX design on #30570
boklm: (might be afk during meeting)
Last week:
- Finished first part for #25101 (Generate incremental mar files
for nightly builds)
- Helped with build of new releases
- Added test for #27265 (In some cases, rbm will download files
in the wrong project directory)
- Updated patch for #32475 (Reduce the number of locales we
provide updates for in nightly)
- Reviewed #31130 (Use Debian 10 for our Android container
images)
- Looked at blog comments
This week:
- Will be at Reproducible Builds summit the next 3 days
- Help with publishing of the new releases
- Work on:
- #31988 (Generate a mar signing key for nightly builds)
- #25102 (Add script to sign nightly build mar files)
- Try to find some time to test rebased patch for #30334
(build_go_lib for executables)
GeKo:
Last week:
- more work on #32053 (made good progress; a patch is hopefully
ready later this week), #31597 (made good progress), and #25021 (made
not so good progress :( )
- wrote patches for #32556, #32505, 32618
- reviews (#32616, #32498, #32255, #32475, #25101, #32365, #32606,
#27265, #32527)
- release prep
- work on apple signing infrastructure update (#32173, #32556)
- more RLBox investigation in my spare time
This week:
- #32053, #31597, #25021
- start with the BIG ticket triage
- reviews
- more RLBox work in spare time
mcs and brade:
Last week:
- Enjoyed some time off for the U.S. Thanksgiving holiday.
- Sponsor 27 work: #19757 (permanent storage of client auth keys
and associated management UI).
- Code reviews:
- #32498 (Update MAR_CHANNEL_ID for nightly build).
- #32505 (Tighten our rules in our entitlements file for
macOS).
- Reviewed recent Mozilla updater changes and worked on #32616
(disable GetSecureOutputDirectoryPath() functionality).
This week/upcoming:
- More work on #19757 (permanent storage of client auth keys and
associated management UI).
- Code reviews.
Jeremy Rand:
Last week:
- Decided to be a subversive by not taking time off for
Thanksgiving :)
- Tested boklm's patch for #32527.
- Debugged #32520 a bit, submitted a patch that doesn't need
libfaketime.
- Spent most of my dev time on non-Tor things while I'm waiting
for more feedback to show up for #30558.
This week:
- Address whatever review happens on #30558.
- @pili Would it be beneficial for me to attend S27-related
meetings to provide a Namecoin perspective? If there's stuff happening
there that's relevant, I'm happy to attend; if it's not going to be
relevant; then that's fine too and I can save my time for other things.
:)
sysrqb:
Last week:
Release prep and building
Some ticket reviews
This week:
Releases
Sending some overdue emails
tor browser spec updates
android signing key documentation
antonela
- opened #32645 Update URL bar onion indicators
- reviewed #21952 Onion location
- reviewed #32325 Allow letterboxing opt-in/out
- reviewed #30570 Implement per-site security settings support
sisbell:
Last Week:
- #31130 - Buster Support - small change to use snapshot repo.
Tested Android variant build
- #32476 - Review/Comments of JNI services
- #32534 - Review/Comment on new jtorctl implementation
- #32501 - Fixed formatting in TorSettings interface (TOPL) - ready
for review
- #32516 - Write methods in TorConfigBuilder - fixed a number of
issues to make methods cleaner, more consistent.
- #32405 - Crash after bootstrap - fixed/merged
- Thanksgiving holiday
This week:
- test buster on different variants
- #28704 Compile Tor and dependencies (#28764 SSL, #28765 LibEvent)
Pili:
Last week:
- S9 Phase 2 report
This week:
- Catching up on roadmap and projects after reporting season
- Please start tagging bugs with "BugSmashFund" and adding
points to it so we can start "using" the pot of money :)
- Please update your November Actual Points
- Reminder about moving off Storm and into NextCloud - please
move any documents you want to keep to Nextcloud
===========================================
- Matt
More information about the tor-project
mailing list