[tor-project] Tor Browser Team Meeting Notes, 21 January 2020
sysrqb at torproject.org
Fri Jan 24 01:35:25 UTC 2020
We held our weekly team meeting on 21 January. The meeting logs are
1) Mozilla released 68.4.2esr at the beginning of the week, but we
decided against releasing Tor Browser updates. The Firefox release was
not driven by a security issue, and the update primarily fixes a
graphics bug in a virtual environment.
2) It's GSoC season again, so we're thinking about potential worthwhile
3) We're thinking about increasing the frequency of Alpha releases.
Currently they follow Mozilla's 4-week rapid release (same as our
Stable releases), but there may be some benefits to releasing more
updates on the Alpha channel. We're considering moving to a two-week
release cycle when it is helpful (and we can skip the extra release when
it doesn't make sense).
4) Some team members will be at the Mozilla All Hands next week, so the
team meeting will likely be less eventful.
Week of January 21, 2020
- Anyone want to propose/mentor a project for GSoC?
- Tor Browser releases
- Will we be meeting next Monday (during Mozilla all hands)? [brade] [pili: I will postpone the release meeting on wednesday to the following week]
- #30750 progress!
- further uMatrix investigation, tldr; does not have the full feature set we want for Tor Browser (at least webgl and web-font blocking)
- ma1 seems willing to add the features we need to NoScript
- Mozilla 1532486 patch updates (in-memory only media memory cache, disk sanitization)
- Code reviews: #19757, #30237
- Misc Berlin prep
- Revision for Mozilla 1594455 (Change letterboxing background to match theme, snap browser content to top)
mcs and brade:
- Sponsor 27 work:
- Did some planning and created estimates for our remaining Sponsor 27 items.
- Posted patches for #19757 (permanent storage of client auth keys and associated management UI).
- Rebased and revised patches for #30237 (v3 client auth prompt).
- Published some test builds for UX review, etc.
- Respond to review feedback for client auth patches.
- #19251 (onion services error page).
- Looked at .onion AltSvc handling for #27502 and #30599
- Reviewed Tor Browser manual for Android
- Triaged tickets
- Began looking at some of Chrome's Privacy Sandbox proposals
- Worked on sketching some team-improvement ideas and team processes
- S27 tickets
- Began outstanding code reviews
- Code review
- Prep for Moz All Hands
- Reviewed #28704 (Compile Tor and dependencies on our own for Android)
- Reviewed #32435 (Compile clang for Linux x86_64 with WASM support) and started looking at others RLBox tickets
- Added script to generate a mar signing key for nightly builds (#31988)
- Made patch for #33012 (Remove unneeded namecoin and snowflake definitions)
- Made patch for #32948 (Make referer behavior consistent regardless of private browing mode status)
- Looked at blog comments
- Finish reviewing #32870 (Bump version of pion webrtc in Tor Browser)
- Look at #28325 (Use go 1.11 module versioning support)
- Try to finish remaining things for #18867 (Ship auto-updates for Tor Browser nightly channel):
- Waiting for #32800 to be done (Creating some space to host Tor Browser nightly updates). To start testing before that, I will start with uploading mar files to people.tpo.
- Waiting for #32768 to be reviewed/merged (Create a build-infos.json file containing firefox platform_version and buildid)
- Review #32456 (Add a question in support.tpo about anti-virus reporting a virus in Tor Browser)
- Look at macOS signing situation
- More RLBox reviews
#28764 - OpenSSL Android - moved to static compile within tor lib
- #28766 - Tor Build for Android - Created packaging for app. Some build changes around flags. Tor runs successfully on device.
- #28766 - Respond to feedback
- # 32991/32992 - create and integrate compression libraries for tor.
- Follow ups with guardian about next steps for shared components
- Investigate what would be needed to upload native Android tor builds to maven central
- #31395: Remove inline <script> in aboutTor.xhtml
- #32767: Remove Disconnect search as it is discontinued
- Investigated/thought about #28005: Officially support onions in HTTPS-Everywhere
- Keep working on #28005 (time estimates, document https everywhere vs directly in Tor Browser pros/cons, do a quick prototype?)
Dealt with funding stuff....
Was a bit less productive than usual (again) due to illness. (Pretty sure I'm fully recovered now.)
Send a draft tor-talk post to Matt for review.
Continue dealing with funding things....
Address any feedback that arrives for the Namecoin support in Nightly.
- GSoC wrangling
- FOSDEM wrangling
- Tor Browser Release planning
- S27: review outstanding items
- More GSoC and FOSDEM
More information about the tor-project