Hi everyone,
We held our weekly team meeting on 21 January. The meeting logs are available at http://meetbot.debian.net/tor-meeting2/2020/tor-meeting2.2020-01-21-18.29.lo...
Summary: 1) Mozilla released 68.4.2esr at the beginning of the week, but we decided against releasing Tor Browser updates. The Firefox release was not driven by a security issue, and the update primarily fixes a graphics bug in a virtual environment. 2) It's GSoC season again, so we're thinking about potential worthwhile projects. 3) We're thinking about increasing the frequency of Alpha releases. Currently they follow Mozilla's 4-week rapid release (same as our Stable releases), but there may be some benefits to releasing more updates on the Alpha channel. We're considering moving to a two-week release cycle when it is helpful (and we can skip the extra release when it doesn't make sense). 4) Some team members will be at the Mozilla All Hands next week, so the team meeting will likely be less eventful.
Meeting notes: ================================================== Week of January 21, 2020
Discussion: - Anyone want to propose/mentor a project for GSoC? - Tor Browser releases - Will we be meeting next Monday (during Mozilla all hands)? [brade] [pili: I will postpone the release meeting on wednesday to the following week]
pospeselr: Last week: - #30750 progress!
- further uMatrix investigation, tldr; does not have the full feature set we want for Tor Browser (at least webgl and web-font blocking)
- ma1 seems willing to add the features we need to NoScript
- Mozilla 1532486 patch updates (in-memory only media memory cache, disk sanitization) - Code reviews: #19757, #30237 This week: - Misc Berlin prep - #30750 - Revision for Mozilla 1594455 (Change letterboxing background to match theme, snap browser content to top)
mcs and brade: Last week: - Sponsor 27 work: - Did some planning and created estimates for our remaining Sponsor 27 items. - Posted patches for #19757 (permanent storage of client auth keys and associated management UI). - Rebased and revised patches for #30237 (v3 client auth prompt). - Published some test builds for UX review, etc. - https://people.torproject.org/~mcs/volatile/v3-auth/ This week/upcoming: - Respond to review feedback for client auth patches. - #19251 (onion services error page).
sysrqb: Last week: - Looked at .onion AltSvc handling for #27502 and #30599 - Reviewed Tor Browser manual for Android - Triaged tickets - Began looking at some of Chrome's Privacy Sandbox proposals - Worked on sketching some team-improvement ideas and team processes - S27 tickets - Began outstanding code reviews This week: - Code review - Prep for Moz All Hands
boklm: Last week: - Reviewed #28704 (Compile Tor and dependencies on our own for Android) - Reviewed #32435 (Compile clang for Linux x86_64 with WASM support) and started looking at others RLBox tickets - Added script to generate a mar signing key for nightly builds (#31988) - Made patch for #33012 (Remove unneeded namecoin and snowflake definitions) - Made patch for #32948 (Make referer behavior consistent regardless of private browing mode status) - Looked at blog comments This week: - Finish reviewing #32870 (Bump version of pion webrtc in Tor Browser) - Look at #28325 (Use go 1.11 module versioning support) - Try to finish remaining things for #18867 (Ship auto-updates for Tor Browser nightly channel): - Waiting for #32800 to be done (Creating some space to host Tor Browser nightly updates). To start testing before that, I will start with uploading mar files to people.tpo. - Waiting for #32768 to be reviewed/merged (Create a build-infos.json file containing firefox platform_version and buildid) - Review #32456 (Add a question in support.tpo about anti-virus reporting a virus in Tor Browser) - Look at macOS signing situation - More RLBox reviews
sisbell: Last Week: #28764 - OpenSSL Android - moved to static compile within tor lib - #28766 - Tor Build for Android - Created packaging for app. Some build changes around flags. Tor runs successfully on device. This week: - #28766 - Respond to feedback - # 32991/32992 - create and integrate compression libraries for tor. - Follow ups with guardian about next steps for shared components - Investigate what would be needed to upload native Android tor builds to maven central
acat: Last week: - #31395: Remove inline <script> in aboutTor.xhtml - #32767: Remove Disconnect search as it is discontinued - Investigated/thought about #28005: Officially support onions in HTTPS-Everywhere - backported patch for #22919: Form tracking and OS fingerprinting (only Windows, but without Javascript) This week: - Keep working on #28005 (time estimates, document https everywhere vs directly in Tor Browser pros/cons, do a quick prototype?)
Jeremy Rand: Last week: Dealt with funding stuff.... Was a bit less productive than usual (again) due to illness. (Pretty sure I'm fully recovered now.) This week: Send a draft tor-talk post to Matt for review. Continue dealing with funding things.... Address any feedback that arrives for the Namecoin support in Nightly.
pili: Last week: - GSoC wrangling - FOSDEM wrangling - Tor Browser Release planning This week: - S27: review outstanding items - More GSoC and FOSDEM
==================================================
Thanks, Matt