[tor-project] Tor Browser team meeting notes 6 May 2019

Georg Koppen gk at torproject.org
Tue May 7 12:12:00 UTC 2019


We had another weekly Tor Browser meeting yesterday. The IRC log can be
found at


The contents of the meeting pad are pasted below for you convenience:

    - Should we whitelist NoScript for extension signing like we do for
the other bundled extensions? We should think about how to avoid similar
problems to armagadd-on 2.0 (#30388) in the future, specifically not
having a bundled extension stop working (mcs)
    - esr68 transition work (GeKo: we plan to start soon with picking up
toolchain work and rebasing browser patches (+ getting Torbutton
integrated in the browser)
    - 8.5 release work (GeKo: due to armagadd-on 2.0 we'll postpone the
8.5 release and won't ship it with the 60.7.0esr security release; eta
is a week later)

mcs and brade:
    Last week:
        - #30000 (Integrating client-side authorization to onion
services v3).
            - experimented with Arthur's old patch from 14389#comment:15.
            - discussed requirements with Network Team members.
        - Helped a tiny bit for #30388 (NoScript and all user-installed
add-ons got deactivated!).
    This week:
        - Revisit #29627 (Moat: add support for obfsproxy's meek_lite).
        - #30000 (Integrating client-side authorization to onion
services v3).
            - Think more about control port event vs. SOCKS or HTTP
CONNECT error code and respond in #14389.
            - Review UX proposal in #30237 and respond.
        - Finalize travel plans for the Stockholm meeting.

  - Backported letterboxing to esr60

    Last week:
        - widl updates for #27503:
            - last week's refactor patch broke typequalifier/type
associations (ie does const go with the pointer or the pointee) but got
passed that this weekend and am closing in on fix for wine:47035,
knowing what I know now, the remaining two bugs (47050 and 47041) are
easy in comparison
            - simply dropping in midl built bits onto the mingw build
doesn't work, as the generated headers have incompatible types (though
this approach might make sense for dropping in fixed widl built bits
rather than patching widl in mingw)
          - armagadd-on 2.0 fun (#30388)

    Last wek:
      - many reviews (#30280, #29981, #30325, #30214, #30371, #29045,
      - 8.5 release prep
      - tested letterboxing patches (#30373)
      - then I got drowned in armagadd-on 2.0 work (#30388)
    This week:
       - remaining armagadd-on 2.0 work
       - preparing Tor Browser releases based on Firefox 60.7.0esr
       - reviews
       - finish monthly team admin work
       - feedback mails
       - back to toolchain work for esr68

    Last week:
        - disabled or fixed some of the failing tests
        - made some patches for #30325 (Remove bison from default
packages where it is not needed) and #29981 (Add yasm to the list of
dependencies for android builds)
        - reviewed #29319 (Remove FTE support for Windows), #29307 (Use
Stretch for cross-compiling for Windows), #29731 (Remove faketime for
Windows builds)
        - made travel plans for the Stockholm meeting
        - helped with build of the emergency release (#30388)
    This week:
        - publishing of new releases
        - finish disabling all failing testsuite tests
        - start looking at #28672 (Android reproducible build of Snowflake)

       Last week:
           - S27

               - more  roadmapping

               - first report sent

           - S9 workplan
           - Google Season of Docs organization
        This week:
            - dev meeting session planning

   Last week:
       - #30237
   This week:
       - Reading stuffs about #30029
       - #30024
       - sync with pospeselr to touch base about security settings per
tab (note: not needed for now)
       - sync with sysrqb on TBA release


    Last week:

    - Worked on mostly on 30304 (Browser locale can be obtained via DTD
strings) and a bit on 26607 (verify that subpixel accuracy of window
scroll properties does not add fingerprinting risk)

    This week:

    - Follow up 30304 on Bugzilla, try to fix breakage on central and
try to get it merged.

    - 26607

  Last week:
  - #30166 - custom bridges - verified working with latest code in Browser
  - #30404 - Remove Orbot Project from browser build (in review)
  - #30162 - Tor Bootstrap Process stuck. Made improvements. Still issue
of connecting while existing tor process is shutting down (this is
recoverable). Looking into a few different solutions for fix.
  This Week:
  - #30162 tor bootstrap
  - Working on mirror for TOPL
  - Fix for multiple tor control ports open

    Last week:
        Release prep (#30239, #30214, #30215, #29982, #30069, #30136,
#29757, #30371)
    This week:
        Fighting with nitrokey and APK signing (#26536)
        More release prep and reviewing tbb-8.5-must tickets


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20190507/3d150d5c/attachment.sig>

More information about the tor-project mailing list