[tor-project] Tor Browser Team Meeting notes, 14 October 2019

Matthew Finkel sysrqb at torproject.org
Mon Oct 21 13:45:16 UTC 2019


Sorry for the delayed report. We held our weekly Tor Browser meeting
last Monday in #tor-meeting2. Here is the IRC log:

Briefly, we discussed ticket priority for the upcoming release, as well
as ticket priority for the remainder of the year.

Week of October 14, 2019
    -remaining items for 9.0
    -next major tasks to work on until the end of the year (I have
#30570, #28325, #31660, s27, and s9 (#18867 nightly auto-updates) on my
list; does that sound reasonable? Is there more/anything else?) [sysrqb:
31005 maybe a task we want before next year, and get a head start on
    - Electrum-NMC optimization for Python certifi package (only include
root CA's from top 10 intermediate CA's in the Alexa Top 1 Million) --
is getting more data on real-world root CA usage in Electrum servers
considered a blocker for a merge to Nightly?  -Jeremy

tjr (double-booked on meetings, highlight me for a response)
 - mingw-clang tests are landing in esr68 \o/
 - I backported the wasm patch to ESR68; running through try. Should be
available today/tomorrow
    Last week:
        -release prep for 9.0a8
        -esr68 feature review (#31591)
          -investigated #32013 and #32057
        -wrote patch for preference clean-up (first round) Thanks to
Thorin for all the hard work! (#27268)
        -wrote patch for enabling lang pack signature checks on Windows
and Linux again (#31942)
        -reviews (#31286, #30429, #31010, #30460, #13543, #31607,
#32041, #30665, #30461, #31144, #31768, #31910, #32018, #31778, #27511,
#31568, #31968, #31979, #31564, #31822)
        -started investigation of reproducibility bugs (#32052/#32053)
    This week:
        -help with 9.0a8 release
        -help with reproducibility bugs recently found (#32052/#32053)
        -preparing Tor Browser 9  and 9.5 and building it
          -finish some small patches for 9.5a1-only changes (e.g.
        -finish esr68 feature review (#31591)
        -make more progress on all closed bugs between esr60 and esr68
        -tracking down address bar issue (#32019)
        -double-checking #27604 (bundle relocation is broken) [mcs:
brade and I could take this task if it would help you] (GeKo: please do.
i think we could even think about implementing the small fix I mentioned
in the ticket (or something better) at least for 9.5a1)

    Last week:
        - OTF Browser proposal
        - FOSDEM main track talk and stand submission
        - S27 meeting to discuss prop 304 and prop 309 incompatibilities
        - Tor Browser release meeting
        - general roadmap and ticket gardening
    This week:
        - OTF Browser proposal
        - S27 meeting
        - #30054 - added some updates on next steps
        - #32011 - added aarch64 .apk to download page
        - afk next week - traveling to London for MozFest on Monday and
afk intermittently throughout the week

    Last week:
        Reviewed and tested acat's #31010 patch
        Reviewed and tested #31822 patch backport for security slider on
        Filed a ticket for completely disabling ActivityStream on
Android (#31983)
        Audited wasm implementation #21549
        Reviewed Mike's networking audit results, and wrote patches
    This week:
        Test patches for network potential leaks (#31144)
        Test wasm (should we try this in 9.5a1? I saw we're enabling
asm.js in 9.0)
        Release prep/Release
        Revert aarch64 torbutton fixup (#31730 )
        Maybe bring search engine parity on mobile (#30017)
Jeremy Rand:
    Last week:
        - Namecoin stream isolation

            - Addressed Conformal's feedback on btcd/rpcclient PR.  It's
now ACKed by one of the Conformal devs and should be merged shortly.

              - #19859: Addressed Nick's feedback on torspec patch. 
Awaiting further feedback.
              - Added stream isolation to hlandau/madns; Hugo has merged
the PR.
              - Patched ncdns to use madns's stream isolation; PR should
be merged soon.
              - Patched ncdns to isolate cache; PR should be merged
              - Patched ncprop279 to use madns's stream isolation and
accept stream isolation data via Prop279; PR should be merged soon.
        - Electrum-NMC syncup optimizations

            - Forward-ported parallel blockchain sync to 3.3.8 branch.

        - Noticed that tor-browser-build doesn't have a license.

            - Filed #32038

        - Was a bit less productive than usual due to spending the
weekend babysitting the network during a scheduled softfork.

            - This decreased productivity may bleed into the beginning
of this week.

    This week:
        - Finish up stream isolation in ncprop279 and dependencies.
        - Continue working on #19859, assuming my current patches get
more feedback.

mcs and brade:
    Last week:
        - Finished #31768 (Introduce Tor network settings and other
updates in TB9 onboarding).
        - Finished #31910 (replace meek_lite with meek in circuit
        - Created #31984 (unable to remove directory: tobedeleted)
            - based on blog comment
        - Prepared for and participated in Sponsor 27 meeting r.e. onion
service errors vs. SOCKS optimistic data.
    This week:
        - Open a Mozilla bug for #31547 (Back out or modify patches for
Mozilla's bug 1574980). [done]
        - Open a Mozilla bug for #31955 (macOS: avoid throwing inside
nonBrowserWindowStartup()). [done]
        - Investigate #31984 (unable to remove directory: tobedeleted)
        - Investigate #32039 (Tor Browser 8.5.5 is not working on macOS
10.15 after being freshly installed).
        - Investigate #32055 (Importing bookmarks from Safari doesn't
        - Help with other tbb-9.0-must tickets as time permits.
        - Attend Sponsor 27 meeting.
        - Record Actual Points in our completed tickets.

    Last week:       
        - Finish #31778: Support default dark-theme for the Circuit
Display UI.
        - #13543: HTML5 media support may lead to fingerprinting
        - #31602: Remove Pocket indicators in UI and disable it by
         - Review #31286.
    This week:
        - #31740: Review RemoteSettings usages in esr68
        - Revert aarch64 torbutton fixup (#31730 )
        - Investigate/think about #13543 spoofing values.
        -  Help with tbb-9.0-must tickets
        - Revise https://bugzilla.mozilla.org/show_bug.cgi?id=1581537.
[Browser UI locale is leaked in several ways]
    Last week:
        finished candidate patch for #31268
        tried to build the build2 candidate over the weekend, ran into
several issues

         - some gradle weirdness (that went away after a restart)

    - can't build snowflake because the commit used in the config
doesn't exist anymore due to branch merges [boklm: could you open a
ticket for this issue? pospeselr: created #32066]

    This week:
        #31268 review changes
        misc bug fixes ( #31920, #31749, #31748)
        Mozilla #1561912
    Last week:
        - Made patches for:
            - #31968 (Use sudo if /proc/cpuinfo isn't readable in the
start-tor-browser script)
            - #32018 (Remove unicode Character 'NO-BREAK SPACE' (U+00A0)
from fp-central/run.py)
        - Worked on #32014 (Fix fpcentral after update to buster)
        - Helped build new alpha release
        - Looked at reproducibility issues (#32052 and #32053)
        - Reviewed #29013 (Provide stack smashing protection for
mingw-clang builds)
    This week:
        - Investigate reproducibility issues (#32052 and #32053) and try
to fix them
        - Help publish new alpha release
        - Try to fix fpcentral (#32014), and related fpcentral tickets
(#31987 and #31986)
        - Review #30334 (build_go_lib for executables)
        - Work on #18867 (Ship auto-updates for Tor Browser nightly
channel) and sub-tickets
   Last Week:
   - 30460:  TOPL dependency list - fixed/merged
   - 31981: remove deprecated patch from tor-android-service:
   - 31568: Updated gradle how to - fixed/merged
   - 30665: Firefox ESR 68 working - fixed/merged
   This week:
   - 32043: tor-android-service: repo fix

- Matt

More information about the tor-project mailing list