[tor-project] Tor Browser team meeting notes, 25 March
Georg Koppen
gk at torproject.org
Mon Mar 25 20:51:00 UTC 2019
Hello everyone!
Our weekly Tor Browser meeting just ended and, as usual, here come the
link to our IRC log
http://meetbot.debian.net/tor-meeting2/2019/tor-meeting2.2019-03-25-18.32.log.txt
and the content from our pad:
Week of March 25, 2019
Discussion:
- adjusting meeting time (eu is doing the daylight saving thing the
coming weekend) (GeKo: We'll switch to 17:30 UTC as our meeting time;
I'll announce that on tbb-dev later this week)
- blockers for 8.5 (GeKo: We restructured our `tbb-8.5` tickets so
that it is clearly visible what are blockers for the next alpha
(`tbb-8.5-must-alpha`) and what are blockers for the stable release
(`tbb-8.5-must`))
- Letterboxing (GeKo: We'll get around June to help with that and
test on esr60 already)
tjr
- investigated getClientRects. The finding indicate that there are
active fingerprinting issues
from this and similar APIs that leak at least major OS version (win7
vs win10) and some OS settings.
I don't *think* it's used by ad network fingerprinting (yet?) though.
https://bugzilla.mozilla.org/show_bug.cgi?id=1507879
- Investigated math routines. Confirmed these leak at least major OS
version, maybe minor.
On Linux it probably leaks distro or system libraries
Don't think it leaks hardware information
- Investigated chrome:// leak. Confirmed it leaks OS and browser version.
Don't think it leaks anything else except maybe language
mcs and brade:
Last week:
- Reviewed patch and commented in #29790 (Add build option to
store profile in HOME directory).
- Followed up on Mozilla bug 1434666 (updater failing on Linux —
cannot find libraries). (GeKo: nice that rstrong would want to help us.
We should take up that offer in case we need it :) Maybe some patch
uplifting help or something)
- Worked on #27484 (Onboarding: unintuitive not-navigation buttons).
- Monitored #28925 (Core Tor: distinguish PT vs proxy for real
in bootstrap tracker).
This week:
- Review patch for #29825 (Intelligently insert the Security
Level button)
- Finish patch for #27484 (Onboarding: unintuitive
not-navigation buttons).
- Begin #29768 (Introduce new features to users in Tor Browser).
sysrqb:
Last week:
Release prep and release (x2)
#28329 (more UI changes)
Worked on #29238 (prevent crash after update)
Briefly looked at #29859 (App crashes when playing video on Twitter)
Looked at #29866 ("Request Desktop site" should use Desktop UAS)
This week:
Continue working on #28329, #29238, #29859
Discuss localization things
Look at F-Droid again
boklm:
Last week:
- Helped with building and publishing new releases
- Fixed the resource-timing, user-timing and user-timing-worker
tests for #27137
- Fixed #29812 (.mar files for 32-bit Linux are missing for 8.5a9)
- Started adding android-x86 to the download page (#29845)
This week:
- Finish fixing #27137 and disable all currently failing tests
- Finish fixing #29845 (Add android-x86 to the download page)
- Make some patch for #26907 (Guard against failures during MAR
file generation)
- Fix #29868 (tor-browser-build fails in
container-image-windows-i686 attempting to install package
python-future)
GeKo:
Last week:
- release prep (we got 4!! releases out this week; thanks for
everyone who helped, in particular on the weekend)
- wrote a patch for #26498 and backported a mozilla patch for
android (#29843)
- worked on #28622 (Tor Browser branding for Android)
- tracked down #29859 (Playing videos on Twitter is not working
and freezing the mobile browser)
- investigated backporting the JS Poison patch (#29049)
- worked on improved authenticode timestamping (#29614)
- looked over sponsor 8 final report (draft) and upcoming
funding proposal for esr transitioning work
This week:
- finishing #28622
- fix WebGL related issues (#29246)
- try to come up with something for #29859
- reviews
Pili:
Last week:
- Sponsor 8 report
- Preparing for S27 kick off
- Google Season of Docs
This week:
- Infracon
- Finish off Sponsor 8 report
- S27 Kick Off
- Google Season of Docs - start writing some ideas down
pospeselr:
Last week:
patch for #29825 (fix for upgrade path in #25658, inserts/moves
torbutton and security level button, rather than resetting to defaults)
begin investigating #27503 (broken screenreaders on win)
filed #29868 (python-future no longer exists in jessie-backports)
This week:
#27503 fun
sisbell:
Last week:
- Included Android PT Support in TOPL: (thaliproject#86)
- Upgrade for Android Q (thaliproject#85) - needed to break apart
tor executable directory from config dir due to security changes in
Android Q. Updated to tor-android-binary 03.5.8-rc dependency
- Fixed bridges API (and pulling of bridges text file from android
resources) (thaliproject#78)
- Added custom config of torrc for Java TOPL (thailiproject#78) -
needed this to keep project in sync with Android changes
This Week:
- #27609 - integrate latest TOPL changes to tor-android-service
- Submit TOPL PR
- Fix merge conflict in tor-browser-build Orbot project
- Test PT support working in browser
- Review changes in Orbot main project to see if we should merge any
back over
antonela:
Last week:
- TB8.5
- #27484 - Onboarding - Done
- #29768 - Introducing new features - Duncan uploaded a version,
will review this week
- Security Setting Tor Browser manual update is ready to go
This week:
- #28622 - TBA icon
- #28329 - Network Settings, Bootstrapping Animation
- #29768 - Review - Introducing new features
- Debugging TB8.5a9 Security Settings
- Prep for IFF, TBA user testing
Georg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20190325/421763ff/attachment-0001.sig>
More information about the tor-project
mailing list