[tor-project] Tor Browser Team Meeting Notes, 13 January 2020
sysrqb at torproject.org
Fri Jan 24 01:17:33 UTC 2020
We held our weekly team meeting on 13 January. The meeting logs are available
We released three Tor Browser updates (two stables, and one alpha) the
previous week. Huge thanks to everyone involved in the process!
1) We discussed site-specific settings again, with a focus on integrating the
functionality directly into the browser (Tor Browser, but ideally Firefox)
2) We're beginning to look at UniGL for possible integration into Tor
3) There is a question about who we should contact when we are notified about
an upcoming, unscheduled Firefox release
4) Discussed where the new namecoin integration should be announced and how
feedback should be received (probably starting with tor-talk@ and going
5) We are beginning to update "actual points" on our tickets on a weekly
basis, instead of when the ticket is completed.
Week of January 13, 2020
- Anything we want to highlight for the "State of the Onion" FOSDEM talk?
- reviews: #21952 (Onion-Location), #32778 (tor publish/subscribe fix for Windows)
- probably spent way too much time on #21952
- discussed the spec with asn
- the tldr; is that the spec itself is old and was not thoroughly thought out with how the new header should interact with all of the possible HTTP results (ie what should happen if you get an Onion-Location header with a 404, 30X redirects, etc, etc)
- they suggested we ping web folks who would actually use Onion-Location header (anarcat/hiro, our Facebook friendo, etc) and see how they would want it to work/how they would configure web services to use it
- dove into uMatrix for #30570, haven't had a chance to write up findings yet on ticket
- the tldr; uMatrix looks like a good alternative to NoScript, already supports 'scoping' rules off of domain (so we get 3rd party isolation of content blocking rules for 'free')
- #30750: actually start writing some prototype code for Tor Browser to interface with uMatrix for script isolation
- finished #31597 Firefox 61-68 bug review (finally, and we are good \o/)
- helped with the Tor Browser releases
- wrote patch for preferences clean-up (#27268)
- posted patches for RLBox build changes in tor-browser-build (#32434, #32435, #32436, #32437)
- ticket triage
- design doc update (#25021)
- wrote mail to tbb-dev about potential tbb proposal changes (https://lists.torproject.org/pipermail/tbb-dev/2020-January/001033.html)
- mar signing key creation (#32658)
- more work on RLBox integration
- ticket triage
- design doc update (#25021)
mcs and brade:
- Sponsor 27 work:
- Reviewed UX design for #19251 (error page specific to when .onion links fail).
- Made progress on #19757 (permanent storage of client auth keys and associated management UI).
- Create estimates for our remaining Sponsor 27 items.
- #19757 (permanent storage of client auth keys and associated management UI).
- We plan to post patches this week.
- Make available to Antonela a “work in progress” build that contains the Sponsor 27 auth prompt and key management UI.
- Helped to build/publish new releases
- Looked at blog comments
- Worked on #25102 (Add script to sign nightly build mar files, generate update-responses xml and publish the new version)
- Review RLBox patches
- Review #32456 (Add a question in support.tpo about anti-virus reporting a virus in Tor Browser)
- Finish work on #25102 (script to sign nightly build mar files, generate update-responses xml and publish the new version) and remaining things for #18867 (Ship auto-updates for Tor Browser nightly channel)
- Try #32768 (Make script to optimize upload and download of Tor Browser releases)
- Look at macOS signing situation
Three releases! (thanks for everyone's help!)
Began Jan 2020 roadmapping
Attended Real World Cryptography Symposium
Working on finishing Jan 2020 roadmap, and moving onto Feb/March roadmap
Reviewing tickets and reprioritising
Pondered next steps for Namecoin a bit.
Was a bit less productive than usual due to minor illness.
[discuss] Where should I be asking users to report their feedback on the Namecoin integration in Nightly? (So far I've just been telling people "let me know if you see any bugs", which isn't really ideal for making sure Tor sees representative feedback.)
- Revised #28745: THE Torbutton clean-up
- Revised #21952: Onion-location: increasing the use of onion services through automatic redirects and aliasing
- Tested/checked tom's new patch for #23719: Make sure WebExtensions are spared from JIT disabling in higher security settings (Medium-High)
- Patch for #32414: window.external.AddSearchProvider request goes through catch-all circuit
- Revised #22919: Form tracking and OS fingerprinting
- Probably some more revision for the last week work.
- ? #28005: Officially support onions in HTTPS-Everywhere ?
- #31395: Remove inline <script> in aboutTor.xhtml
- #32767: Remove Disconnect search as it is discontinued
- Do estimates for remaining s27 items.
- #28765 - LibEvent Android - moved to using clang (this solved a bunch of problems with building tor android)
- #28766 - Tor Build for Android - verified compiling with armv7 and x86_64 (still need to do proper packing for apk)
- #28766 - Handle packaging and input into tor-android-service, verify build runs on device
- I should work on S27 related tickets this week:
- Review #30090 - Onion Errors
- Review #32645 - URL bar indicators
- sysrqb: We should talk about the overlapping bits in our roadmaps. Berlin seems a good time for us to coordinate it.
- Catching up after vacations
- High Level Roadmapping for 2020
- Refining our capacity estimates based on 2019 data
- It would be useful if people could update "Actual Points" for tickets they worked on during a month to make it easy to break up actual capacity for tickets spanning multiple months - Would people be ok with doing that? [discuss]
- Getting back to a trac triage routine
More information about the tor-project