Hello!
It seems I didn't send this last week. Here are the meeting notes from last Monday's meeting: http://meetbot.debian.net/tor-meeting2/2019/tor-meeting2.2019-11-04-18.29.lo...
During the meeting we mostly discussed our priorities for November.
Below are the notes from our meeting pad:
Discussions:
- Status of 68esr rebasing tickets - #30429 and #31010 (GeKo: we are close at least for #30429; I wanted to have a last look over them before closing but am distracted by other work :( #30429 at least should get done this week, though))
- Do we need #31650 (pre-crunch and pre-strip PNG in tor-service-android to make it reproducible)?
sysrqb:
Last week:
- Release prep
- Fixed locale-selector crash #32343 (boklm, thanks for providing a better patch)
- obfs4proxy incompatibility with Android O (#32303)
- Reviewed torrc cleanup on Android #30552
- Reviewed BridgesList Preferences is an overloaded field #30501
- Tweaked EOY campaign patch for mobile #30783
This week:
- 9.0.1/9.5a2 releases
- Finish patch for #32303
- Follow up on #31915 patch uplift
- OTF proposal
- Fastlane support #26844
pospeselr:
Last week:
- #32220 prototyping (letter-boxing white borders)
  - working on patch which adds a border around the page content, and sets the margin to the color of the chrome background to indicate the margin is not part of the content (and varies with theme)
- 9.0.1 build
This week:
- finish up #32220, one remaining outstanding issue: newly created windows do not have enough space to fit the browser element without letter-boxing
- start work on exposing an option in about:preferences to toggle letter-boxing (#32325)
- investigate #32308 (letter-boxing jiggling on window resize)
Jeremy Rand:
Last week:
- #19859: Ready for review.
  - Stream isolation with Namecoin now fully works across the full stack.
  - Audited Electrum-NMC for proxy leaks; no leaks were detected.
    - Not surprising, since Electrum is used in Tails and Whonix, so presumably they would have noticed already if there were proxy leaks.
  - I also open-sourced my proxy leak detector that I originally wrote for my master's thesis 2 years ago; I'll probably post a link on the tor-dev mailing list since it might be interesting for the Tor community. https://github.com/JeremyRand/heteronculous
This week:
- Main thing left on my end: clean up Git history of Electrum-NMC stable 3.3.8 branch, tag an Electrum-NMC nc3.3.8 release, make tor-browser-build use that Electrum-NMC tag.
- Remaining things that might be worth doing (which of these, if any, are blockers for merging Namecoin support to nightly with Namecoin disabled by default?):
  - Properly handle some AuxPoW edge cases
    - These edge cases mainly fall into the category "Someone with large amounts of hashrate might be able to make 1 block appear as 2 blocks, until someone else mines a block on top of the real one", and similar attacks that are highly expensive and accomplish virtually nothing attack-wise. Obviously worth fixing, but IMHO it's not something that warrants blocking a nightly merge.
  - Disable punycode/IDNs in the .bit TLD to prevent homograph attacks
    - In the DNS world, registries are supposed to prevent homograph registrations; Namecoin treats registrations as binary blobs without regard to Unicode, so Namecoin can't easily prevent homographs. Long-term we should try to find a safe way to allow IDNs, but short-term we should just disable punycode/IDNs from being looked up in ncdns. IMHO disabling punycode/IDNs isn't worth blocking a nightly merge, since it only affects users who have opted into Namecoin by both enabling Namecoin via env var and navigating to a .bit site in the URL bar.
  - Stop hardcoding username/password/port for Electrum-NMC RPC interface, use random instead
    - Main reason why Electrum-NMC password-protects the RPC interface is to prevent theft of coins/names. But the Electrum-NMC instance in Tor Browser doesn't have the wallet enabled, so this is mostly a moot point. Accessing the RPC interface *would* allow opening connections with arbitrary stream isolation data... but that's also true of the Tor SOCKS port, which is unauthenticated. AFAIK Tor Browser doesn't allow websites to access localhost via AJAX and similar stuff, so this seems like a pretty minimal attack risk. So IMHO it's not worth blocking a nightly merge. Long-term we should definitely switch to cookie authentication for the Electrum-NMC RPC port.
  - Audit build reproducibility
    - In theory everything should be reproducible (it all builds in rbm and I've tried to follow best practices for rbm usage), but there may be issues since I haven't carefully tested for reproducibility (e.g. I've filed a few Go-related reproducibility bugs on Trac that might or might not affect things here). Is audited reproducibility considered a blocker for nightly, or just for alpha/stable? (I have no idea what the policies are for this; I'll follow whatever policies you have in this area.)
mcs and brade:
Last week:
- Sponsor 27 work: #30237 (v3 onion services client auth).
- rebased patches for ESR68/Tor Browser 9.
- worked on loose ends.
- Reviewed some patches.
This week/upcoming:
- #30237 (v3 onion services client auth).
- Provide updated biographical info to Al for use in proposals.
acat:
Last week:
- Finish fixing #27604: Relocating the Tor Browser directory is broken with Tor Browser 8
- Landed https://bugzilla.mozilla.org/show_bug.cgi?id=1581537 [Browser UI locale is leaked in several ways]
- Checked #32255: Missing ORIGIN header breaks CORS in Tor Browser 9.0
This week:
- #23719: Make sure WebExtensions are spared from JIT disabling in higher security settings (Medium-High)
- #21952: Onion-location: increasing the use of onion services through automatic redirects and aliasing
- send updated resume to Al for OTF proposal.
tjr:
- Working on bumping to clang-9 in -central.
- clang-10-trunk just had CFG support land, maybe worth investigating bumping to that
sisbell:
Last week:
- #30552/#30501/#30767: Made changes to TOPL code based on feedback, various code changes to improve readability, additional unit tests, bug fixes
- #31130 - Android tor Debian - solved the Java installation issue which was the main barrier to completion. Next will upgrade https-everywhere to buster
- #31922 - ApkTool - made changes to config (will be able to test once I complete #31130)
This week:
- #31130: Upgrade https-everywhere to buster and then test final apk
- #31922: ApkTool test using Debian version
- #30501: Code integration changes to tor-android-service, migration code for different fields
pili:
Last week:
- Catching up from MozFest
- Browser proposal for transition away from ESRs
- end of month admin and roadmap gardening
This week:
- Sponsor 44 report
- Start of month roadmap planning
GeKo:
Last week:
- release prep
- reviews (#27309, #32342, #32184, #27604, #32188, #30783, #32220, #28745)
- small patches for the release (mainly backports): #32321, #32318, #32250
- work on #27268 (while reviewing #28745)
- #32053 (macOS reproducibility issue); made small steps in the right direction but we are still not there :(
This week:
- #32053
- #31597
- finish #30429
- look at/finish #31010
- work on setting up the Android signing (token)
boklm:
Last week:
- helped with building new releases
- Continued investigating reproducibility issues (#32052 and #32053)
- Helped with fix for #32342
- Rebased patch for #30334 (build_go_lib for executables)
This week:
- Help with publishing of new releases
- Work on #18867 (Ship auto-updates for Tor Browser nightly channel) and sub-tickets
- Test/review rebased patch for #30334 (build_go_lib for executables)
- Matt
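As an added illustration of the short-term mitigation Jeremy describes above (refuse to resolve punycode/IDN labels under .bit so homograph registrations cannot be looked up), here is a self-contained Go check. It is example code written for these notes, not ncdns's or Namecoin's own; the function name and the exact policy (lowercase LDH ASCII only, no xn-- A-labels) are assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// IsPlainASCIIBitName reports whether a .bit name may be resolved under a
// "no punycode / no IDN" policy. Every label left of .bit must consist of
// lowercase letters, digits and hyphens only, and must not be an A-label
// (xn-- prefix). The second return value explains a rejection.
// Constructed example; ncdns's real policy may differ.
func IsPlainASCIIBitName(name string) (bool, string) {
	name = strings.TrimSuffix(strings.ToLower(name), ".") // tolerate FQDN form
	labels := strings.Split(name, ".")
	if len(labels) < 2 || labels[len(labels)-1] != "bit" {
		return false, "not under .bit"
	}
	for _, l := range labels[:len(labels)-1] {
		if l == "" {
			return false, "empty label"
		}
		if strings.HasPrefix(l, "xn--") {
			return false, "punycode (A-label) rejected: " + l
		}
		// Byte-wise scan: any UTF-8 multibyte sequence (a U-label) fails here,
		// as does any ASCII outside the letters-digits-hyphen set.
		for i := 0; i < len(l); i++ {
			c := l[i]
			switch {
			case c >= 'a' && c <= 'z', c >= '0' && c <= '9', c == '-':
			default:
				return false, fmt.Sprintf("non-LDH byte %#x in label %q", c, l)
			}
		}
	}
	return true, ""
}

func main() {
	// Constructed sample names: a plain name, an A-label, a Cyrillic U-label
	// that looks like "paypal", and a plain name in FQDN form.
	for _, n := range []string{"example.bit", "xn--80ak6aa92e.bit", "раураl.bit", "pay-pal.bit."} {
		ok, why := IsPlainASCIIBitName(n)
		fmt.Printf("%-22s allow=%v %s\n", n, ok, why)
	}
}
```

This only enforces the "disable IDNs" stance from the notes; it does not attempt to detect ASCII-only confusables, which is the longer-term problem Jeremy leaves open.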