[tor-project] Tor Browser Team Meeting Notes, 16 March 2020

Matthew Finkel sysrqb at torproject.org
Mon Mar 30 17:31:08 UTC 2020

Hello everyone,

We held a weekly meeting on 16 March, 2020. The meeting log is available

During the meeting we discussed how Javascript should be handled and disabled
on the Safest security level.
Week of March 16, 2020

    - Should we be using Trac’s merge_ready status for tickets for which review is complete? Who should change a ticket’s state to merge_ready?
    - Javascript configuration on Safest


    Last week:

    - release note reviews (#33534)

    - windows update/platform documentation updates

    This week:

    - finish release note reviews (#33534)


    Last week:

    - not much done; a bit help with the JS bypass bug

    This week:

    - more design doc update (#25021)

    - test new mar signing key (#33173)

    - maybe working on reproducibility of lucetc (#33488)

mcs and brade:
    Last week:
        - Code reviews.
        - Reviewed the manual update instructions, etc. for the TB 9.5a7 release.
        - Replied to email query from Guardian Project people r.e. implementing Moat.
    This week/upcoming:
        - More code reviews, including rebased updater patches (#33533).
        - Respond to review comments in #19251 (onion services error page).
        - Revisit #30732 (“Your Firefox is critically out of date" banner).
        - Revisit #32418 (on every start TB complains that it can't update).
        - Investigate #29630 (TorBrowser creates empty directory in "/tmp”).

    Last week:
        - Reviews (#33482: Update about:tor donate string, #19251: TorBrowser might want to have an error page specific to when .onion links fail)
        - Made patch for #33342 (Disconnect search addon causes error at startup)
        - Revised #28005 (Officially support onions in HTTPS-Everywhere) to use securedrop testing update channel.
    This week:
        - Revise #21952 (Onion-location: increasing the use of onion services through automatic redirects and aliasing) to address review comments.
        - Whatever is most useful for Tor Browser ESR -> regular release migration (or Fenix):
            - Try to get a tor-browser-build for #33533 (Rebase Tor Browser esr68 patches on top of mozilla-central)
            - Take a look at fixing tests?
            - ...

    Last week:
        - Released 9.5a7, 9.0.6, and 9.5a8
        - Investigated Javascript bug on Safest security level
    This week:
        - Close-out javascript bug
        - Release prep for 9.0.7 and 9.5a9
        - Respond to sisbell regarding Fenix questions
        - Look at acat's work with rebasing patches

    Last week:
        - Tested updates in nightly builds: it seems to be working correctly
        - Opened upstream pull request for #33535 (Patch openssl to use SOURCE_DATE_EPOCH for copyright year)
        - Looked at possible workflow with quilt
        - Helped with new releases
        - Looked at blog comments
    This week:
        - Try to get rebased patches from #33533 building in tor-browser-build
        - Set branch for #25102 in needs_review (Add script to sign nightly build mar files, generate update-responses xml and publish the new version)
        - Work on testsuite setup
        - Work on setup of automatic rebasing of tor-browser patches on mozilla-central
        - Work on proposal for quilt workflow
        - Some reviews

Jeremy Rand:
    Last week:
        - Relayed some Namecoin feedback from Twitter and LinuxReviews to tor-talk.
        - Posted on r/Namecoin asking for more feedback, hopefully some more feedback will trickle in soon.
        - Hacked around with #32355 some more.
    This week:
        - Wait for more feedback on the Namecoin integration in Nightly.
        - Maybe hack around with #32355 some more.

   Last Week:
   - #33556: TBB for android-components -  After integrating with fenix build, I identified a number of unneeded Mozilla project dependencies and removed them. Various plugin fixes. Package artifacts as maven repo. Cleaned up patches. I also identified a couple of areas further of investigation.  
   - #33184: Support for fenix - various plugin fixes, removing of dependencies, now using android-component artifacts locally, learning build internals
   This Week:
  - #33184: Fenix - get complete build working (this will still use precompiled artifacts from Mozilla’s gecko view aar)
  - #33626: TBB for GeckoView - start setting this up so I can identify build dependencies for this (rust, clang). Open related issues.

    Last week:
        - trac triage
        - Browser team February report
    This week:
        - trac triage
        - Tor Browser release meeting


More information about the tor-project mailing list