[tor-project] Tor Browser Team Meeting Notes, 21 January 2020

Matthew Finkel sysrqb at torproject.org
Fri Jan 24 01:35:25 UTC 2020 

Hi everyone,

We held our weekly team meeting on 21 January. The meeting logs are
available at
http://meetbot.debian.net/tor-meeting2/2020/tor-meeting2.2020-01-21-18.29.log.txt

Summary:
1) Mozilla released 68.4.2esr at the beginning of the week, but we
   decided against releasing Tor Browser updates. The Firefox release was
   not driven by a security issue, and the update primarily fixes a
   graphics bug in a virtual environment.
2) It's GSoC season again, so we're thinking about potential worthwhile
   projects.
3) We're thinking about increasing the frequency of Alpha releases.
   Currently they follow Mozilla's 4-week rapid release (same as our
   Stable releases), but there may be some benefits to releasing more
   updates on the Alpha channel. We're considering moving to a two-week
   release cycle when it is helpful (and we can skip the extra release when
   it doesn't make sense).
4) Some team members will be at the Mozilla All Hands next week, so the
   team meeting will likely be less eventful.


Meeting notes:
==================================================
Week of January 21, 2020

Discussion:
    - Anyone want to propose/mentor a project for GSoC?
    - Tor Browser releases
    - Will we be meeting next Monday (during Mozilla all hands)? [brade] [pili:  I will postpone the release meeting on wednesday to the following week]

pospeselr:
    Last week:
        - #30750 progress!

            - further uMatrix investigation, tldr; does not have the full feature set we want for Tor Browser (at least webgl and web-font blocking)

     - ma1 seems willing to add the features we need to NoScript

        - Mozilla 1532486 patch updates (in-memory only media memory cache, disk sanitization)
        - Code reviews: #19757, #30237
    This week:
        - Misc Berlin prep
        - #30750
        - Revision for Mozilla 1594455 (Change letterboxing background to match theme, snap browser content to top)

mcs and brade:
    Last week:
        - Sponsor 27 work:
            - Did some planning and created estimates for our remaining Sponsor 27 items.
            - Posted patches for #19757 (permanent storage of client auth keys and associated management UI).
            - Rebased and revised patches for #30237 (v3 client auth prompt).
            - Published some test builds for UX review, etc.
                - https://people.torproject.org/~mcs/volatile/v3-auth/
    This week/upcoming:
        - Respond to review feedback for client auth patches.
        - #19251 (onion services error page).

sysrqb:
    Last week:
        - Looked at .onion AltSvc handling for #27502 and #30599
        - Reviewed Tor Browser manual for Android
        - Triaged tickets
        - Began looking at some of Chrome's Privacy Sandbox proposals
        - Worked on sketching some team-improvement ideas and team processes
        - S27 tickets
        - Began outstanding code reviews
    This week:
        - Code review
        - Prep for Moz All Hands

boklm:
    Last week:
        - Reviewed #28704 (Compile Tor and dependencies on our own for Android)
        - Reviewed #32435 (Compile clang for Linux x86_64 with WASM support) and started looking at others RLBox tickets
        - Added script to generate a mar signing key for nightly builds (#31988)
        - Made patch for #33012 (Remove unneeded namecoin and snowflake definitions)
        - Made patch for #32948 (Make referer behavior consistent regardless of private browing mode status)
        - Looked at blog comments
    This week:
        - Finish reviewing #32870 (Bump version of pion webrtc in Tor Browser)
        - Look at #28325 (Use go 1.11 module versioning support)
        - Try to finish remaining things for #18867 (Ship auto-updates for Tor Browser nightly channel):
            - Waiting for #32800 to be done (Creating some space to host Tor Browser nightly updates). To start testing before that, I will start with uploading mar files to people.tpo.
            - Waiting for #32768 to be reviewed/merged (Create a build-infos.json file containing firefox platform_version and buildid)
        - Review #32456 (Add a question in support.tpo about anti-virus reporting a virus in Tor Browser)
        - Look at macOS signing situation
        - More RLBox reviews

sisbell:
   Last Week:
     #28764 - OpenSSL Android - moved to static compile within tor lib
   - #28766 - Tor Build for Android - Created packaging for app. Some build changes around flags. Tor runs successfully on device.
   This week:
   - #28766 - Respond to feedback
   - # 32991/32992 - create and integrate compression libraries for tor.
   - Follow ups with guardian about next steps for shared components
   - Investigate what would be needed to upload native Android tor builds to maven central

acat:
    Last week:
        - #31395: Remove inline <script> in aboutTor.xhtml
        - #32767: Remove Disconnect search as it is discontinued
        - Investigated/thought about #28005: Officially support onions in HTTPS-Everywhere
        - backported patch for #22919: Form tracking and OS fingerprinting (only Windows, but without Javascript)
    This week:
        - Keep working on #28005 (time estimates, document https everywhere vs directly in Tor Browser pros/cons, do a quick prototype?)

Jeremy Rand:
    Last week:
        Dealt with funding stuff....
        Was a bit less productive than usual (again) due to illness.  (Pretty sure I'm fully recovered now.)
    This week:
        Send a draft tor-talk post to Matt for review.
        Continue dealing with funding things....
        Address any feedback that arrives for the Namecoin support in Nightly.

pili:
    Last week:
        - GSoC wrangling
        - FOSDEM wrangling
        - Tor Browser Release planning
    This week:
        - S27: review outstanding items
        - More GSoC and FOSDEM

==================================================

Thanks,
Matt

More information about the tor-project mailing list