[tor-reports] Pearl Crescent Report – November 2014
mcs at pearlcrescent.com
Wed Dec 3 16:30:03 UTC 2014
Tor-related work that the Pearl Crescent team did in November
(Kathy Brade and Mark Smith):
* Firefox updater for Tor Browser:
In the area of improving the security of the update process, we
incorporated Mozilla patches and did some of our own development to add
support for signed MAR files. Because there are still some issues that
need to be addressed (e.g., strength of the signatures), this remains an
open work item.
"Sign our MAR files"
We also worked on various deployment bugs that involved the updater,
"Tor Browser Bundle 4.0: updater fails on Windows"
"Transition away from 32bit OS X Tor Browser builds"
"Generation of incremental mar files is not reproducible"
* Tor Browser and Torbutton:
We reviewed and contributed to an end of contract report that Mike drafted.
We performed some code reviews, e.g.,
We helped with browser testing, bug triage, code reviews, and
development of fixes. Related tickets:
"Tor Launcher/Torbutton should provide a Security Slider"
"Inspector raises the canvas prompt when hovering over images"
"The Options window for the LeechBlock extension gets
closed immediately by Tor Browser"
"The circuit display dropdown should be optional."
"Meek bridges don't work in TB 4.5alpha1"
"Active tab looks ugly (inherits system color scheme only partially)"
* We participated in the weekly Tor Browser dev meetings on IRC and
in various design discussions on IRC and on the mailing lists.
* Planned for December 2014:
- Finish the MAR file signing work, fix #13776 (incremental
MARs not reproducible), fix other updater issues
that occur in the field, and add improve the update user
- Assist with other Tor Browser and Torbutton issues. There are
plenty of TB 4.x bugs that need initial triage or follow up work.
- Investigate travel for the UX Meeting and the 2015 Winter Dev
Pearl Crescent, LLC
More information about the tor-reports