Notes from the Tor Browser team meeting, 4 June 2018 - tor-project

4 Jun 2018


      Hi!
We just finished our weekly Tor Browser meeting. The chat log can be
found at:
http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-06-04-18.00.log....
The notes from our pad are:
Monday, June 4, 2018
Discussion:
    sysrqb: Do we want to use the 'status:' updates during the week like
the network team? [GeKo: It seems we like this idea. Need to check with
the network team to not mess with their status updates]
    sysrqb: General question: is there an update/timeline on the new
tp.o website? [GeKo: not sure actually]
igt0:
    Last Week:
      - Updated #1459420 patch (HLS Player doesn't use the centralized
Proxy Selector)
      - Still struggling with the Orfox crash, I also contacted Till
from Mozilla (sysrqb: could you give a hand? yes)
      - Delivered my talk in the JSConfEU about fingerprinting
techniques and mitigations. [GeKo: Are there slides/a recording
available somewhere?]
    This Week:
      - More Orfox debugging
      -  tweak Tor Button to make it work on mobile and initial mobile
UI preparation (we need to think about what we can reuse)
mcs and brade:
  Last week:
    - Reviewed and tested rebased external helper app patch (part of
#25543).
    - Fixed #26235 (Help menu does not open in Tor Browser nightlies
based on ESR60).
    - Started working on #22074 (Review Firefox Developer Docs and
Undocumented bugs since FF52esr).
  This week:
    - File a Bugzilla bug for #25909 (disable updater telemetry)
    - Continue with #22074 (Review Firefox Developer Docs and
Undocumented bugs since FF52esr).
GeKo:
    Last week:
      - continued MAR signing key testing
      - finished macOS patches for new toolchain (including all the
other components, not only firefox), nightlies should be available
rather soon
      - made progress on the network review
      - reviews (#25859, #25650, #26204, #26235)
      - sent out 1:1 feedback scheduling mails
  This week:
      - finish MAR signing testing and come up with a plan for the
changes we need for the next update and how we address them (#26050)
      - network review
      - more code reviews
      - help with the windows changes for esr60
      - begin of the month admin stuff, ticket prioritization for next alpha
      - I'll be afk on 6/6
sukhe:
    Last Week:
- Worked on #26204, #25837, #26073, #26216 (in progress), #26205 (in
progress). Looked at Windows builds of Firefox 60ESR
- Rust build question: what's the purpose of prev_version? Is
there a reason we are using the source tar and not the git?
I am asking because panic-abort.patch fails to apply for the
Windows 32bit build.
I am building on top of master with
https://github.com/azadi/tor-browser-build-1/tree/bug-26204
and
https://gitweb.torproject.org/user/gk/tor-browser-build.git/commit/?h=bug_26...
merged
[boklm: prev_version is the binary version we use for
bootstrapping the build. panic-abort.patch was made on rust 1.25.0 and
it seems it will need to be rebased on version 1.26.1.]
This week:
- Resume #26126, #26205, #26203 (Windows builds)
tjr
 - Ethan, Tim and Gary are back! Had their first couple days. Will sync
up with them this week. (Arthur says: yay!)
 - Expect a Tor/Mozilla sync meeting to get scheduled after all-hands,
probably late day Berlin time / early morning USA time
 - MinGW Work
- x64 Sandbox work:
https://bugzilla.mozilla.org/show_bug.cgi?id=1461421
- x64 Sandbox with jemalloc:
https://bugzilla.mozilla.org/show_bug.cgi?id=1466192
- Jacek will start on mingw-clang sometime soonish in
https://bugzilla.mozilla.org/show_bug.cgi?id=mingw-clang and children
boklm:
    Last week:
        - reviewed #26204, #26249, #9711, #25832, #25894, #25554,
#25548, #26195, #26003
        - updated #25860 (Clean up OpenSSL's configure options for Windows)
    This week:
        - finish reviewing #24632 (Update macOS toolchain for ESR 60)
        - update HEASLR patch (#12968) and try to inspect the binary to
check if we are good
        - start looking at #26050 and #26234 (update "watershed" for
ESR60-based Tor Browser)
        - fill upstream binutils ticket for #26148
        - continue work on some ansible roles for testsuite VMs setup
(#26149)
pospeselr:
    Last week:
        - run without /proc patch uplift updates
        - seems like #23247 test failures were some intermittent issue
with the ESR60 tryserver, rebased agains latest and test failures went away
        - localization approach of pulling strings from tor-button
strings list won't work as is (due to string formatting specifiers)
- problem is modifying that first line which either shows:
- the various HTTPS and encryption properties (uses string
formatters) OR
- scary connection not encrypted message (hard coded string)
- for onion https connections we would need to throw away the HTTPS
info altogether and only display a constant 'onion encryption' message
for the 1st line
- if anyone has thoughts on this I'm all ears
- started work on #26039
(<profiledir>/preferences/extension-overrides.js will not be loaded in
ESR 60)
- took off Friday (and Monday was Holiday)
This week:
- finish up #26039 patch
sysrqb:
    - Last week:
        Monday was US holiday
        Continued work on TBA patches
        Looked at Orfox bug
        Began dogfooding nightly
    - This week:
        Rebasing and testting TBA patches on top of Arthur's Tor Browser
patches (#26233)
        Looking at Orfox bug some more
arthuredelstein:
    - Last week:
        Finished a branch for #26233 (Rebase to Firefox 61)
        Started work on #14952 (HTTP2 audit and patch)
    - This week:
        Try to get a patch for review for #14952
        Work on #25555 (optimistic socks) and #26128 (noscript/security
slider, possibly in collaboration with sukhe)
Georg