[tor-project] Tor Browser Team Meeting notes, 14 October 2019
sysrqb at torproject.org
Mon Oct 21 13:45:16 UTC 2019
Sorry for the delayed report. We held our weekly Tor Browser meeting
last Monday in #tor-meeting2. Here is the IRC log:
Briefly, we discussed ticket priority for the upcoming release, as well
as ticket priority for the remainder of the year.
Week of October 14, 2019
-remaining items for 9.0
-next major tasks to work on until the end of the year (I have
#30570, #28325, #31660, s27, and s9 (#18867 nightly auto-updates) on my
list; does that sound reasonable? Is there more/anything else?) [sysrqb:
31005 maybe a task we want before next year, and get a head start on
- Electrum-NMC optimization for Python certifi package (only include
root CA's from top 10 intermediate CA's in the Alexa Top 1 Million) --
is getting more data on real-world root CA usage in Electrum servers
considered a blocker for a merge to Nightly? -Jeremy
tjr (double-booked on meetings, highlight me for a response)
- mingw-clang tests are landing in esr68 \o/
- I backported the wasm patch to ESR68; running through try. Should be
-release prep for 9.0a8
-esr68 feature review (#31591)
-investigated #32013 and #32057
-wrote patch for preference clean-up (first round) Thanks to
Thorin for all the hard work! (#27268)
-wrote patch for enabling lang pack signature checks on Windows
and Linux again (#31942)
-reviews (#31286, #30429, #31010, #30460, #13543, #31607,
#32041, #30665, #30461, #31144, #31768, #31910, #32018, #31778, #27511,
#31568, #31968, #31979, #31564, #31822)
-started investigation of reproducibility bugs (#32052/#32053)
-help with 9.0a8 release
-help with reproducibility bugs recently found (#32052/#32053)
-preparing Tor Browser 9 and 9.5 and building it
-finish some small patches for 9.5a1-only changes (e.g.
-finish esr68 feature review (#31591)
-make more progress on all closed bugs between esr60 and esr68
-tracking down address bar issue (#32019)
-double-checking #27604 (bundle relocation is broken) [mcs:
brade and I could take this task if it would help you] (GeKo: please do.
i think we could even think about implementing the small fix I mentioned
in the ticket (or something better) at least for 9.5a1)
- OTF Browser proposal
- FOSDEM main track talk and stand submission
- S27 meeting to discuss prop 304 and prop 309 incompatibilities
- Tor Browser release meeting
- general roadmap and ticket gardening
- OTF Browser proposal
- S27 meeting
- #30054 - added some updates on next steps
- #32011 - added aarch64 .apk to download page
- afk next week - traveling to London for MozFest on Monday and
afk intermittently throughout the week
Reviewed and tested acat's #31010 patch
Reviewed and tested #31822 patch backport for security slider on
Filed a ticket for completely disabling ActivityStream on
Audited wasm implementation #21549
Reviewed Mike's networking audit results, and wrote patches
Test patches for network potential leaks (#31144)
Test wasm (should we try this in 9.5a1? I saw we're enabling
asm.js in 9.0)
Revert aarch64 torbutton fixup (#31730 )
Maybe bring search engine parity on mobile (#30017)
- Namecoin stream isolation
- Addressed Conformal's feedback on btcd/rpcclient PR. It's
now ACKed by one of the Conformal devs and should be merged shortly.
- #19859: Addressed Nick's feedback on torspec patch.
Awaiting further feedback.
- Added stream isolation to hlandau/madns; Hugo has merged
- Patched ncdns to use madns's stream isolation; PR should
be merged soon.
- Patched ncdns to isolate cache; PR should be merged
- Patched ncprop279 to use madns's stream isolation and
accept stream isolation data via Prop279; PR should be merged soon.
- Electrum-NMC syncup optimizations
- Forward-ported parallel blockchain sync to 3.3.8 branch.
- Noticed that tor-browser-build doesn't have a license.
- Filed #32038
- Was a bit less productive than usual due to spending the
weekend babysitting the network during a scheduled softfork.
- This decreased productivity may bleed into the beginning
of this week.
- Finish up stream isolation in ncprop279 and dependencies.
- Continue working on #19859, assuming my current patches get
mcs and brade:
- Finished #31768 (Introduce Tor network settings and other
updates in TB9 onboarding).
- Finished #31910 (replace meek_lite with meek in circuit
- Created #31984 (unable to remove directory: tobedeleted)
- based on blog comment
- Prepared for and participated in Sponsor 27 meeting r.e. onion
service errors vs. SOCKS optimistic data.
- Open a Mozilla bug for #31547 (Back out or modify patches for
Mozilla's bug 1574980). [done]
- Open a Mozilla bug for #31955 (macOS: avoid throwing inside
- Investigate #31984 (unable to remove directory: tobedeleted)
- Investigate #32039 (Tor Browser 8.5.5 is not working on macOS
10.15 after being freshly installed).
- Investigate #32055 (Importing bookmarks from Safari doesn't
- Help with other tbb-9.0-must tickets as time permits.
- Attend Sponsor 27 meeting.
- Record Actual Points in our completed tickets.
- Finish #31778: Support default dark-theme for the Circuit
- #13543: HTML5 media support may lead to fingerprinting
- #31602: Remove Pocket indicators in UI and disable it by
- Review #31286.
- #31740: Review RemoteSettings usages in esr68
- Revert aarch64 torbutton fixup (#31730 )
- Investigate/think about #13543 spoofing values.
- Help with tbb-9.0-must tickets
- Revise https://bugzilla.mozilla.org/show_bug.cgi?id=1581537.
[Browser UI locale is leaked in several ways]
finished candidate patch for #31268
tried to build the build2 candidate over the weekend, ran into
- some gradle weirdness (that went away after a restart)
- can't build snowflake because the commit used in the config
doesn't exist anymore due to branch merges [boklm: could you open a
ticket for this issue? pospeselr: created #32066]
#31268 review changes
misc bug fixes ( #31920, #31749, #31748)
- Made patches for:
- #31968 (Use sudo if /proc/cpuinfo isn't readable in the
- #32018 (Remove unicode Character 'NO-BREAK SPACE' (U+00A0)
- Worked on #32014 (Fix fpcentral after update to buster)
- Helped build new alpha release
- Looked at reproducibility issues (#32052 and #32053)
- Reviewed #29013 (Provide stack smashing protection for
- Investigate reproducibility issues (#32052 and #32053) and try
to fix them
- Help publish new alpha release
- Try to fix fpcentral (#32014), and related fpcentral tickets
(#31987 and #31986)
- Review #30334 (build_go_lib for executables)
- Work on #18867 (Ship auto-updates for Tor Browser nightly
channel) and sub-tickets
- 30460: TOPL dependency list - fixed/merged
- 31981: remove deprecated patch from tor-android-service:
- 31568: Updated gradle how to - fixed/merged
- 30665: Firefox ESR 68 working - fixed/merged
- 32043: tor-android-service: repo fix
More information about the tor-project