[tor-project] Tor Browser Team Meeting Notes, 18 November 2019

Matthew Finkel sysrqb at torproject.org
Tue Nov 19 01:16:42 UTC 2019 

Hello!

We held our weekly Tor Browser Team meeting on Monday. Here are the
meeting logs:
http://meetbot.debian.net/tor-meeting2/2019/tor-meeting2.2019-11-18-18.29.log.txt

During the meeting we briefly discussed on-going work for making onion
services more usable.

Next, we briefly talked about some Android-related work. We have a
useful collection of libraries now, but they may not be the best
solution, especially as some of our partners in this space are actively
developing different solutions. We will have more discussions in the
future about how Tor development on Android (and mobile, in general)
should continue.

Finally, an idea was proposed of creating a Tor Browser build that makes
troubleshooting network connectivity problems earlier. Ticket #32540 was
created for this.

Weekly notes:

====================================
Week of November 18, 2019
Discussion:
    What is the status of our testing suite? (test-reports.tbb.tpo? Are
the tests run automatically anywhere and are the results publicly
available?)


GeKo:

    Last week:

    - Help with OTF proposal

    - Still banging my head against #32053 :(

    - reviews (#30327, #31130, #32508)

    - #31597 (closed Mozilla bugs between esr60-esr68)

    - worked on the signing infrastructure for macOS #32173

      - went over all our signing related tickets and tagged them with
`tbb-sign`
(https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-sign)

    - more RLBox work (wrote patches for #32436 and #32437 over the
weekend)

    - wrote small patch for #32509

    - a bit thinking about the design doc update

    - HackerOne house-keeping and triage

    This week:

    - more work on #31597

    - more work on #32053

    - more work on #32173

    - design doc update

    - reviews

    - more RLBox work in my spare time


mcs and brade:
    Last week:
        - Sponsor 27 work: #30237 (v3 onion services client auth).
            - Tied up loose ends.
            - Posted patches for review and revised them based on
feedback from Richard.
        - Spent a little time on #10416/#29020 (Tor won't start on
Windows when path contains non-ascii characters).
        - Commented in #32498 (Consider updating MAR_CHANNEL_ID for
nightly build).
    This week/upcoming:
        - For #19757, think about permanent storage of client auth keys
and associated management UI.
        - Respond in #32418 (up-to-date Torbrowser notifies that it
can't update).
        - Add actual points to completed tickets.

Pili:
    Last week:
        - OTF Browser Proposal
        - S44 Final report
        - Trac triage
        - Tor Browser Release meeting
        - S27 meeting
        - Tor Browser October report
        - General roadmap admin
    This week:
        - OTF Browser Proposal
        - S44 final report
        - Trac triage

Jeremy Rand:
    Last week:
        - Addressed review of #30558.
        - Addressed review of #19859.
        - Filed #32520.
        - Debugged #31691 a bit.
        - Filed #32523.
        - Filed #32527.
    This week:
        - Address whatever review happens on #30558 and #19859.

sysrqb:
    Last week:
        Some work on the OTF proposal
        Fastly event
        Ticket triage
        Ticket assignments
        Misc Tor Browser things
    This week:
        More OTF proposal
        More ticket triage and assignments
        Write summary of Fastly event and thoughts about onion services


acat:
    Last week:
        - Revised #28745: THE Torbutton clean-up
        - Worked on #21952 (Onion-location: increasing the use of onion
services through automatic redirects and aliasing):
            - Exposed in about:preferences
            - Implemented automatic redirects as with "Location" header.
            - Basic visual feedback when redirect ("manual" or
automatic) to .onion has happened
    This week:
        - Wrap up work on #21952, and do builds so that it can be
tested.
        - Check #32255 (Missing ORIGIN header breaks CORS in Tor Browser
9.0) and take some action (not sure exactly which one)
        - Follow up #32297 (try to reproduce with new info from
reporter)

boklm:
    Last week:
        - Updated patch for #25099 (Update nightly version number)
        - Worked on patch for #25101 (Generate incremental mar files for
nightly builds)
        - Some reviews
        - Looked at blog comments
    This week:
        - Finish patch for #25101 (Generate incremental mar files for
nightly builds)
        - Generate a mar signing key for nightly builds (#31988)
        - Make patch for #32475 (Reduce the number of locales we provide
updates for in nightly)
        - Test/review rebased patch for #30334 (build_go_lib for
executables)

sisbell:
    Last Week:
    - #Broke apart #30501 issues. These are (will be) broken into
changes 1) No API changes; 2) API changes but easy conversions to
Android shared pref format; 3) Breaking API changes and changes needed
to underlying shared prefs (with data migration needed). (1) issues are
#30767, #32516; (2) #32501, #32518 + more this week; (3) #30501 -
BridgeList + sets for enumerations of addresses
    - #30767 - TOPL Custom obfs4 bridge does not work work for Android -
Recreated isolated commit (in review)
    - #32516 - TOPL Cleanup write methods. Various cleanup to simplify
writing of torrc fields.
    - #32501 dormant canceled field - previous patch broke
tor-android-service: I added  a couple of commits to bring these changes
into tor-android-service and TOPL. We should be able to remove patches
in browser build after this.
    - #32476 More investigation into JNI. Open question if this supports
Desktop platforms or whether changes are Android specific only. 
    This Week:
    - Define and work on issues for (2) API breaking changes and (3) if
time
    - Follow up with guardian project to define more specific plans
    - Prototype with JNI
    - #31992 apktool workaround
    - Would like to do MR for #30767, #32516, #32501 to TOPL project
this week

pospeselr:
    Last Week:
     - US holiday on monday
     - reviewed #30237 (mcs/brade onion service auth)
     - deep dive into NoScript for #30570 (per-site settings)
     - fixed about:preferences#tor UX bug #32508
    This Week:
     - hmm see why the fix for #32508 isn't working as expected
     - investigating feasibility of adding first-party isolation
double-keying to NoScript, prototype
    Next Week:
     - Holiday travelling from the 24th through the 6th with
limited/unpredictable availability
    Next Month:
     - Moving cross-country sometime in the middle of December also with
limited/unpredictable availability
====================================

Have a good week,
Matt

More information about the tor-project mailing list