Hello everyone,
Last Monday we held our weekly Tor Browser Team Meeting. The notes are available http://meetbot.debian.net/tor-meeting2/2019/tor-meeting2.2019-12-02-18.29.lo...
We briefly talked about team/ticket maintenance, and we are looking at allocating funding for fixing bugs using the Bug Smashing funds we received in August (yay!).
We held a conversation about what purpose the .mozconfig* files within the tor-browser repository should have. We decided they should be useful/usable for developers now, and we may change how they are maintained in the future.
Finally we discussed a problem with localized Tor Browser installations, where the locale of the browser may leak to websites, therefore people who use locales that are not very popular may place themselves in small anonymity sets. Should we warn users about this before/after they download the browser? When and how should we do it? These are open questions, and we're still looking for some help answering them.
===========================================
Discussion: - Release - December ticket assignment and Reviewers - #32116 - #32602 (Consider what to do about locales used by very few people)
pospeselr: Last week: - US thanksgiving holiday travel fun - more flu! - 9.0.2-build2 build -> https://people.torproject.org/~richard/builds/9.0.2-build2/ - Mozila 1594455 uplifting progress (letterboxing improvements) https://bugzilla.mozilla.org/show_bug.cgi?id=1594455 - Prototype patch for #32325 (add option to disable letterboxing to about:preferences) - going to try and get this uplifted to firefox directly to avoid having to write two rather different patches to handle our disparate localization systems - screenshot: https://share.riseup.net/#Mgnlm4ZlDQO9mlUtGGZ5fg This week: - update #32116 patch with comments pointing devs to actual mozconfig's in tor-browser-build - submit #32325 patch to Mozilla - review/comment on #32645 (Update URL bar onion indicators) - nail down UX design on #30570
boklm: (might be afk during meeting) Last week: - Finished first part for #25101 (Generate incremental mar files for nightly builds) - Helped with build of new releases - Added test for #27265 (In some cases, rbm will download files in the wrong project directory) - Updated patch for #32475 (Reduce the number of locales we provide updates for in nightly) - Reviewed #31130 (Use Debian 10 for our Android container images) - Looked at blog comments This week: - Will be at Reproducible Builds summit the next 3 days - Help with publishing of the new releases - Work on: - #31988 (Generate a mar signing key for nightly builds) - #25102 (Add script to sign nightly build mar files) - Try to find some time to test rebased patch for #30334 (build_go_lib for executables)
GeKo: Last week:
- more work on #32053 (made good progress; a patch is hopefully ready later this week), #31597 (made good progress), and #25021 (made not so good progress :( )
- wrote patches for #32556, #32505, 32618
- reviews (#32616, #32498, #32255, #32475, #25101, #32365, #32606, #27265, #32527)
- release prep
- work on apple signing infrastructure update (#32173, #32556)
- more RLBox investigation in my spare time
This week: - #32053, #31597, #25021 - start with the BIG ticket triage - reviews - more RLBox work in spare time
mcs and brade: Last week: - Enjoyed some time off for the U.S. Thanksgiving holiday. - Sponsor 27 work: #19757 (permanent storage of client auth keys and associated management UI). - Code reviews: - #32498 (Update MAR_CHANNEL_ID for nightly build). - #32505 (Tighten our rules in our entitlements file for macOS). - Reviewed recent Mozilla updater changes and worked on #32616 (disable GetSecureOutputDirectoryPath() functionality). This week/upcoming: - More work on #19757 (permanent storage of client auth keys and associated management UI). - Code reviews.
Jeremy Rand: Last week: - Decided to be a subversive by not taking time off for Thanksgiving :) - Tested boklm's patch for #32527. - Debugged #32520 a bit, submitted a patch that doesn't need libfaketime. - Spent most of my dev time on non-Tor things while I'm waiting for more feedback to show up for #30558. This week: - Address whatever review happens on #30558. - @pili Would it be beneficial for me to attend S27-related meetings to provide a Namecoin perspective? If there's stuff happening there that's relevant, I'm happy to attend; if it's not going to be relevant; then that's fine too and I can save my time for other things. :)
sysrqb: Last week: Release prep and building Some ticket reviews This week: Releases Sending some overdue emails tor browser spec updates android signing key documentation
antonela - opened #32645 Update URL bar onion indicators - reviewed #21952 Onion location - reviewed #32325 Allow letterboxing opt-in/out - reviewed #30570 Implement per-site security settings support
sisbell: Last Week: - #31130 - Buster Support - small change to use snapshot repo. Tested Android variant build - #32476 - Review/Comments of JNI services - #32534 - Review/Comment on new jtorctl implementation - #32501 - Fixed formatting in TorSettings interface (TOPL) - ready for review - #32516 - Write methods in TorConfigBuilder - fixed a number of issues to make methods cleaner, more consistent. - #32405 - Crash after bootstrap - fixed/merged - Thanksgiving holiday This week: - test buster on different variants - #28704 Compile Tor and dependencies (#28764 SSL, #28765 LibEvent)
Pili: Last week: - S9 Phase 2 report This week: - Catching up on roadmap and projects after reporting season - Please start tagging bugs with "BugSmashFund" and adding points to it so we can start "using" the pot of money :) - Please update your November Actual Points - Reminder about moving off Storm and into NextCloud - please move any documents you want to keep to Nextcloud ===========================================
- Matt