[tor-project] Tor Browser Team Meeting Notes, 9 December 2019

Tue Dec 17 21:22:52 UTC 2019

Hello!

We held our weekly meeting on 9 December. The logs are available
http://meetbot.debian.net/tor-meeting2/2019/tor-meeting2.2019-12-09-18.29.log.txt
.

In that meeting we discussed on which platforms Tor Browser is
supported. The current set of supported operating systems and processor
architectures is significantly based on Mozilla's list, but that list
hasn't been defined. This question wasn't resolved during the meeting.

I created a wiki page, as a starting point for what we have now. I may
have some errors on that page, so please correct it if there are any
errors (in particular, the supported compilers per platform).

https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Supported_Platforms

The second topic we discussed was writing a specification for the
information provided at
https://aus1.torproject.org/torbrowser/update_3/release/downloads.json .
It is a convenient source of the currently available Tor Browser
versions, however there isn't any documentation of its format (except
ticket #16551). This should be added in the tor-browser-spec repository,
and it should be described on the (future) Dev web portal.

We concluded the meeting by having a meta-discussion on how we annotate
topics on the meeting pad. Until now, discussion topics were bolded on
the pad, but that does not translate into plain-text emails. We decided
for future meetings we will both bold the line and add a '[discuss]'
annotation at the beginning of the line.

===============
Week of December 9, 2019

Discussion:

    - Which Tiers Mozilla has
(https://developer.mozilla.org/en-US/docs/Mozilla/Supported_build_configurations)
do we want to support? Where do we draw the line?

    - it seems the *bsds are maintained elsewhere? (seems okay to me)

    - what about windows aarch64 (which is even a tier 1 platform for
Mozilla)?

    - then we have #12631 (Tor Browser for ARM architecture) and #28326
(Tor Browser for PPC64LE). would we just take a patch or even build
those things during releases and make them available on the website?

    - We have
https://aus1.torproject.org/torbrowser/update_3/release/downloads.json
for helping other projects/folks that depend on parsing the latest Tor
Browser updates (great)

      but we have not place where this is documented (not so great).
Where do we want to put that info?

    - One idea was to create a retroactive proposal in our
tor-browser-spec repo where users can then learn about it but maybe
there is a smarter plan

   - Should we delete old meeting notes?
   - Reminder to move documents off storm and into Nextcloud

GeKo:

    Last week:

    - #32053 (patch is finally up for review), #31597, #25021

    - started with the BIG ticket triage

    - reviews (#30558, #32676, #28475, #32659, #32116)

    - summarized the current macOS signing situation with some possible
ways forward (Jeremy: is there a link to this summary?  sysrqb informs
me that it's in #32173, thanks.)

    - more RLBox work in spare time

    - poked a bit at mingw-w64-clang GeckoDriver build issue on the
weekend (https://bugzilla.mozilla.org/show_bug.cgi?id=1489320)

    This week:

    - likely help with another revision of the OTF proposal

    - #31597 (hopefully finishing that one this week), #25021

    - more old ticket triage

    - reviews

    - more RLBox work in spare time

mcs and brade:
    Last week:
        - Sponsor 27 work: #19757 (permanent storage of client auth keys
and associated management UI).
        - Added comments to a few tickets:
            - #32654 (Torbrowser overides user disabling tor proxy after
restart).
            - #32460 (download page has confusing flow, especially with
donate banner).
    This week/upcoming:
        - More work on #19757 (permanent storage of client auth keys and
associated management UI).
        - #32674 (Change link on 'Get involved' in about:tor to new
community portal).
        - Review for #21952 (Onion-Location).

Jeremy Rand:
    Last week:
        - Addressed Georg's review so far on #30558.
    This week:
        - Address whatever additional review happens on #30558.
        - Review boklm's rebased #30334 patch.

boklm:
    Last week:
        - helped publish new releases
        - looked at blog comments
        - fixed #32675 (Add lt, ms, th locales to the alpha download
page)
        - attended reproducible builds summit
        - helped with patch for #32676 (Consider publishing a tarball
with all Tor Browser langpacks)
        - rebased patch for #30334 (build_go_lib for executables) and
started testing it
    This week:
        - Finish reviewing/testing #30334 (build_go_lib for executables)
        - Review #32053 (Tor Browser bundles based on Firefox 68 ESR are
not reproducible (LLVM optimization issue))
        - Work on #18867 subtickets:
            - #31988 (Generate a mar signing key for nightly builds)
            - #25102 (Add script to sign nightly build mar files)
        - Look at macOS signing situation

tjr:
    Submitted the form boundary randomization patch for review
    MinGW Build improvements, mostly on mozilla's/central's end:
        bump to clang 9
        bump mingw version and remove a bunch of ifdefs for undefined
stuff in mingw
        build libssp (without building gcc!) for fortify source and
stack-protector

pospeselr:
    Last week:
        - revisions for Mozilla 1594455 (letterboxing UX improvements)
        - revisions for Mozilla 1601040 (letterboxing settings in
about:preferences#privacy)
        - started real work on #30570, creating new dummy permissions
for javascript and active content
    This week:
        - afk in second half of the week
        - continue work on #30570 and keeping the ball rolling on those
Mozilla tickets
    Next week:
        - offline most of next week but not afk

sysrqb:
    Last week:
        Releases
        Ticket maintenance/triage
        Drafted some emails
    This week:
        More ticket maintenance
        OTF proposal
        More drafting emails
        Android signing key documentation
        Updating Tor Browser Design Doc

sisbell:
   Last Week:
   - #28764 - OpenSSL Android - working with latest
   - #28765 - LibEvent Android - working with 2.1.11 (If we use current
2.1.8 we need to apply a patch)
   - #28766 - Tor Build for Android - in progress 
   This week:
   - #28766 - Tor Android build
   - #31130 - test builds for whezzy and stretch work with latest Debian
version
   - Follow up about jtorctl deployment to maven repo

pili:
    Last week:
        - Ticket Triage
        - October and November Tor Browser reports
        - S27 reports
    This week:
        - December and January roadmap review
        - OTF Proposal revisions
    Next week:
        - AFK from December 20th 2019 - January 7th 2020 (might extend
it to January 8th or 9th...)

antonela:
    - reviewing TorBrowserTeam201912 + ux-team tickets

    https://trac.torproject.org/projects/tor/ticket/32228

    https://trac.torproject.org/projects/tor/ticket/32119

    https://trac.torproject.org/projects/tor/ticket/21952

    https://trac.torproject.org/projects/tor/ticket/30570

    - S27 - https://trac.torproject.org/projects/tor/ticket/32645
    - anything we would like to discuss during the next All Hands
meeting with Firefox folks?

         https://pad.riseup.net/p/h_AP8p92R9AhcDaxAUxk
===============

Thanks,
Matt