[tor-project] Tor Browser Team Meeting Notes, 24 February 2020

Matthew Finkel sysrqb at torproject.org
Mon Mar 9 20:40:43 UTC 2020

Hi eveyone,

On 24 February, we held our weekly team meeting. The meeting log is
available at

During this meeting we briefly discussed #13410 and how a naming system
like Namecoin could provide a database where TLS certificates can be
verified as trusted (via a TLSA-like mechanism).

Team progress and discussion notes


    Last week:

    - #29120 (Mozilla 1532486) uplifted (hmm)
    - #13410 work (Disable self-signed certificate warnings when visiting .onion sites)

        - figured out a lot of ways to not do this >:[

        - CertVerifier.cpp seems like the right place, should hopefully have this working today/tomorrow

    This week:

    - #13410 - should have a patch ready middle of this week

    - Firefox release notes review ASAP

    - #33298 - not necessary for S27, but technically needed to be consistent between HTTPS and onions

    - delay to whenever

Jeremy Rand:
    Last week:
        - Did more hacking on the linux-arm port of Tor Browser.  (I have a working mozconfig that builds a working linux-arm binary of Tor Browser's Firefox, in a Debian Buster ppc64le VM.  The same mozconfig produces a build error in a Debian Buster rbm container.  So the remaining bugs are not related to the mozconfig.)
    This week:
        - [discuss] Post the tor-talk thread after Matt finishes reviewing it.  (@sysrqb is there any ETA on getting that reviewed?)
        - Maybe hack some more on the linux-arm port.

mcs and brade:
    Last week:
        - Reviewed patch for #32645 (Update URL bar onion indicators).
        - Posted patches for #19251 (onion services error page).
        - Worked on self feedback for TPI Feedback Cycle 2020-1.
    This week/upcoming:
        - Review pospeselr’s new #32645 patch (Update URL bar onion indicators).
        - Look at proposed onion service error strings (#33035).
        - Investigate #31984 (TB 9.x partial update: unable to remove directory: tobedeleted).
        - Work on self & peer feedback for TPI Feedback Cycle 2020-1.


    Last week:

    - worked on RLBox (I have backported patches up for review in #32380, will post the final branch after the meeting)

    - had fun with #33416 while building the alpha (Android container creation breaks when building Tor Browser 9.5a6)

    - a bit more work on the design document

    This week:

    - moar work on RLBox:

      * [discuss] the plan is to have the patch integration sorted out this week and up for review (boklm: sysrqb: i'll be at a meeting in parallel, so I guess we can chat after the tor browser meeting about how to proceed here)

      * start the macOS backports (#33410)

    - design doc update

    Last week:
        - Made patches for:
            - #33380 (Add *.json to sha256sums-unsigned-build.txt)
            - #33403 (Add nightly mar key)
            - #33402 (Set app.update.url for nightly)
        - Updated script for #25102 (Add script to sign nightly build mar files, generate update-responses xml and publish the new version):
            - signed nightly mar files and update xml are now on https://nightlies.tbb.torproject.org/nightly-updates/
        - Helped build new alpha
        - Looked at blog comments
    This week:
        - Check if nightly updates are working
        - Help with publishing the new alpha
        - Look at testsuite setup
        - Some reviews:
            - RLBox patches
            - #28704 and child tickets (Compile Tor and dependencies on our own for Android)
            - #32456 (Add a question in support.tpo about anti-virus reporting a virus in Tor Browser)
        - Try to help with #32650 (Check translations for bogus characters)

    Last week:
        - Rebase Tor Browser patches onto mozilla-central.
    This week:
        - Rebase Tor Browser patches onto mozilla-central.
        - Investigate #33342 if there's time (Disconnect search addon causes error at startup)

    Last week:
        - Release prep for 9.5a6
        - Merged a few tickets
        - Reviewed some other tickets
        - Began sketching a process for getting l10n sign-off on new strings
        - Told Mozilla we might want to use Client Hints for informing websites we support .onion addresses
    This week:
        - Finish 9.5a6 release
        - Working on getting Apple notarization working
        - Finally respond to Jeremy
        - Maybe catch up on RLBox
        - I'll think of some more things when I start doing them

   Last Week:
   - Android for Tor - broke apart commits into separate branches, made various fixes based on reviews, did fix for build to work for Debian 19.10
   -  #32534 - add TBB project for jtorctl, integrated into rest of build
   This Week:
   - Respond and fix, based on reviews 
   - Upgrade tor binaries to 0.4.x in tor-android-services
   - #32476 - work on JNI support for embedded tor for android
   - Fenix Investigation


More information about the tor-project mailing list