Tor Browser Team Meeting Notes, 06 January 2020

List overview All Threads
Download

newer

older

Tor Browser Release meeting this...

Anti-censorship team monthly...

Matthew Finkel

23 Jan 2020 23 Jan '20

10:09 p.m.

Hello everyone,

Our first meeting of 2020 was held on 6 January.

2020 will be an exciting year for Tor Browser! We have a busy year ahead of us and we're hitting the ground running.

The logs are available at http://meetbot.debian.net/tor-meeting2/2020/tor-meeting2.2020-01-06-18.29.lo...

Summary: 1) Discussed how we can move forward with implementing per-site settings 2) Discussed how long it will take before we start writing 2020 instead of 2019 on documents 3) Discussed future plans for Namecoin integration (adding more platforms, timeline for adding in Alpha, etc.)

With regard to (3), Namecoin is currently available in Tor Browser Nightly builds on Gnu/Linux 64-bit. Please provide feedback is you try it!

================================ Week of January 6, 2020

Discussion: How long will we be dating things 2019 when signing documents? Will this decade be as roaring as the 1900s version? - if it will be, is that a good thing

pospeselr: Last weeks: - #31855 (remove end of year fundraising campaign) - small progress on Mozilla 1601040 and 1594455 This week: - continue baby-sitting above Mozilla tickets - #30570 (implement per-site security settings)

- what do folks think about the discussion in the ticket?

- tldr: looks like to build something consistent with the design laid out there requires a lot of work basically reimplementing what NoScript does, or heavily refactoring/redesigning NoScript's internals :/

- look into umatrix extension as an alternative to NoScript

- put umatrix findings in a doc or on the ticket

mcs and brade: Last few weeks: - #32636 (Clean up locales shipped with Tor Launcher). - Code review for #31855 (Remove EOY Campaign from about:tor). - Sponsor 27 work: - #19757 (permanent storage of client auth keys and associated management UI). - Time off for Christmas and end of year. This week/upcoming: - #19757 (permanent storage of client auth keys and associated management UI).

boklm: Last few weeks: - Made patches for: - #32768 (Create a build-infos.json file containing firefox platform_version and buildid) - #32805 (Make creation of downloads.json optional) - Worked on #25102 which is almost finished (Add script to sign nightly build mar files, generate update-responses xml and publish the new version) - Looked at blog comments This week: - Help with publishing new releases - Finish work on #25102 (script to sign nightly build mar files, generate update-responses xml and publish the new version) and remaining things for #18867 (Ship auto-updates for Tor Browser nightly channel) - Try #32768 (Make script to optimize upload and download of Tor Browser releases) - Look at macOS signing situation

sysrqb: Last few weeks: Mostly distracted by holidays, family, etc. Preparing releases for this week This week: Releases Reviewing roadmap for Q1 2020 Finishing remaining items we didn't finish last year

Jeremy Rand: Last few weeks: #30558 is merged, yay. Attended 36C3; gave a talk and workshop; ran into boklm there :) This week: Ponder next steps for Namecoin now that the initial merge to Linux Nightly has happened. ================================

- Matt

Show replies by date

Matthew Finkel

24 Jan 24 Jan

1:17 a.m.

New subject: Tor Browser Team Meeting Notes, 13 January 2020

Hello everyone,

We held our weekly team meeting on 13 January. The meeting logs are available at: http://meetbot.debian.net/tor-meeting2/2020/tor-meeting2.2020-01-13-18.29.lo...

We released three Tor Browser updates (two stables, and one alpha) the previous week. Huge thanks to everyone involved in the process!

Summary: 1) We discussed site-specific settings again, with a focus on integrating the functionality directly into the browser (Tor Browser, but ideally Firefox) 2) We're beginning to look at UniGL[0] for possible integration into Tor Browser 3) There is a question about who we should contact when we are notified about an upcoming, unscheduled Firefox release 4) Discussed where the new namecoin integration should be announced and how feedback should be received (probably starting with tor-talk@ and going from there). 5) We are beginning to update "actual points" on our tickets on a weekly basis, instead of when the ticket is completed.

[0] https://github.com/UniGL/addon

Meeting notes: ============================== Week of January 13, 2020

Discussion: - Anything we want to highlight for the "State of the Onion" FOSDEM talk?

pospeselr: Last week: - reviews: #21952 (Onion-Location), #32778 (tor publish/subscribe fix for Windows)

- probably spent way too much time on #21952

- discussed the spec with asn

- the tldr; is that the spec itself is old and was not thoroughly thought out with how the new header should interact with all of the possible HTTP results (ie what should happen if you get an Onion-Location header with a 404, 30X redirects, etc, etc)

- they suggested we ping web folks who would actually use Onion-Location header (anarcat/hiro, our Facebook friendo, etc) and see how they would want it to work/how they would configure web services to use it

- dove into uMatrix for #30570, haven't had a chance to write up findings yet on ticket

- the tldr; uMatrix looks like a good alternative to NoScript, already supports 'scoping' rules off of domain (so we get 3rd party isolation of content blocking rules for 'free')

This week:

- #30750: actually start writing some prototype code for Tor Browser to interface with uMatrix for script isolation

GeKo: Last week: - finished #31597 Firefox 61-68 bug review (finally, and we are good \o/) - helped with the Tor Browser releases - wrote patch for preferences clean-up (#27268) - posted patches for RLBox build changes in tor-browser-build (#32434, #32435, #32436, #32437) - ticket triage - design doc update (#25021) - wrote mail to tbb-dev about potential tbb proposal changes (https://lists.torproject.org/pipermail/tbb-dev/2020-January/001033.html) This week: - mar signing key creation (#32658) - more work on RLBox integration - ticket triage - design doc update (#25021)

mcs and brade: Last week: - Sponsor 27 work: - Reviewed UX design for #19251 (error page specific to when .onion links fail). - Made progress on #19757 (permanent storage of client auth keys and associated management UI). This week/upcoming: - Create estimates for our remaining Sponsor 27 items. - #19757 (permanent storage of client auth keys and associated management UI). - We plan to post patches this week. - Make available to Antonela a “work in progress” build that contains the Sponsor 27 auth prompt and key management UI.

boklm: Last week: - Helped to build/publish new releases - Looked at blog comments - Worked on #25102 (Add script to sign nightly build mar files, generate update-responses xml and publish the new version) This week: - Review RLBox patches - Review #32456 (Add a question in support.tpo about anti-virus reporting a virus in Tor Browser) - Finish work on #25102 (script to sign nightly build mar files, generate update-responses xml and publish the new version) and remaining things for #18867 (Ship auto-updates for Tor Browser nightly channel) - Try #32768 (Make script to optimize upload and download of Tor Browser releases) - Look at macOS signing situation

sysrqb: Last week: Three releases! (thanks for everyone's help!) Began Jan 2020 roadmapping Attended Real World Cryptography Symposium This week: Working on finishing Jan 2020 roadmap, and moving onto Feb/March roadmap Reviewing tickets and reprioritising

Jeremy Rand: Last week: Pondered next steps for Namecoin a bit. Was a bit less productive than usual due to minor illness. This week: [discuss] Where should I be asking users to report their feedback on the Namecoin integration in Nightly? (So far I've just been telling people "let me know if you see any bugs", which isn't really ideal for making sure Tor sees representative feedback.)

acat: Last week: - Revised #28745: THE Torbutton clean-up - Revised #21952: Onion-location: increasing the use of onion services through automatic redirects and aliasing - Tested/checked tom's new patch for #23719: Make sure WebExtensions are spared from JIT disabling in higher security settings (Medium-High) - Patch for #32414: window.external.AddSearchProvider request goes through catch-all circuit - Revised #22919: Form tracking and OS fingerprinting This week: - Probably some more revision for the last week work. - ? #28005: Officially support onions in HTTPS-Everywhere ? - #31395: Remove inline <script> in aboutTor.xhtml - #32767: Remove Disconnect search as it is discontinued - Do estimates for remaining s27 items.

sisbell: Last Week: - #28765 - LibEvent Android - moved to using clang (this solved a bunch of problems with building tor android) - #28766 - Tor Build for Android - verified compiling with armv7 and x86_64 (still need to do proper packing for apk) This week: - #28766 - Handle packaging and input into tor-android-service, verify build runs on device

Antonela: - I should work on S27 related tickets this week: - Review #30090 - Onion Errors - Review #32645 - URL bar indicators - sysrqb: We should talk about the overlapping bits in our roadmaps. Berlin seems a good time for us to coordinate it.

Pili: Last week: - Catching up after vacations This week: - High Level Roadmapping for 2020 - Refining our capacity estimates based on 2019 data - It would be useful if people could update "Actual Points" for tickets they worked on during a month to make it easy to break up actual capacity for tickets spanning multiple months - Would people be ok with doing that? [discuss] - Getting back to a trac triage routine ==============================

Thanks, Matt

Matthew Finkel

1:35 a.m.

New subject: Tor Browser Team Meeting Notes, 21 January 2020

Hi everyone,

We held our weekly team meeting on 21 January. The meeting logs are available at http://meetbot.debian.net/tor-meeting2/2020/tor-meeting2.2020-01-21-18.29.lo...

Summary: 1) Mozilla released 68.4.2esr at the beginning of the week, but we decided against releasing Tor Browser updates. The Firefox release was not driven by a security issue, and the update primarily fixes a graphics bug in a virtual environment. 2) It's GSoC season again, so we're thinking about potential worthwhile projects. 3) We're thinking about increasing the frequency of Alpha releases. Currently they follow Mozilla's 4-week rapid release (same as our Stable releases), but there may be some benefits to releasing more updates on the Alpha channel. We're considering moving to a two-week release cycle when it is helpful (and we can skip the extra release when it doesn't make sense). 4) Some team members will be at the Mozilla All Hands next week, so the team meeting will likely be less eventful.

Meeting notes: ================================================== Week of January 21, 2020

Discussion: - Anyone want to propose/mentor a project for GSoC? - Tor Browser releases - Will we be meeting next Monday (during Mozilla all hands)? [brade] [pili: I will postpone the release meeting on wednesday to the following week]

pospeselr: Last week: - #30750 progress!

- further uMatrix investigation, tldr; does not have the full feature set we want for Tor Browser (at least webgl and web-font blocking)

- ma1 seems willing to add the features we need to NoScript

- Mozilla 1532486 patch updates (in-memory only media memory cache, disk sanitization) - Code reviews: #19757, #30237 This week: - Misc Berlin prep - #30750 - Revision for Mozilla 1594455 (Change letterboxing background to match theme, snap browser content to top)

mcs and brade: Last week: - Sponsor 27 work: - Did some planning and created estimates for our remaining Sponsor 27 items. - Posted patches for #19757 (permanent storage of client auth keys and associated management UI). - Rebased and revised patches for #30237 (v3 client auth prompt). - Published some test builds for UX review, etc. - https://people.torproject.org/~mcs/volatile/v3-auth/ This week/upcoming: - Respond to review feedback for client auth patches. - #19251 (onion services error page).

sysrqb: Last week: - Looked at .onion AltSvc handling for #27502 and #30599 - Reviewed Tor Browser manual for Android - Triaged tickets - Began looking at some of Chrome's Privacy Sandbox proposals - Worked on sketching some team-improvement ideas and team processes - S27 tickets - Began outstanding code reviews This week: - Code review - Prep for Moz All Hands

boklm: Last week: - Reviewed #28704 (Compile Tor and dependencies on our own for Android) - Reviewed #32435 (Compile clang for Linux x86_64 with WASM support) and started looking at others RLBox tickets - Added script to generate a mar signing key for nightly builds (#31988) - Made patch for #33012 (Remove unneeded namecoin and snowflake definitions) - Made patch for #32948 (Make referer behavior consistent regardless of private browing mode status) - Looked at blog comments This week: - Finish reviewing #32870 (Bump version of pion webrtc in Tor Browser) - Look at #28325 (Use go 1.11 module versioning support) - Try to finish remaining things for #18867 (Ship auto-updates for Tor Browser nightly channel): - Waiting for #32800 to be done (Creating some space to host Tor Browser nightly updates). To start testing before that, I will start with uploading mar files to people.tpo. - Waiting for #32768 to be reviewed/merged (Create a build-infos.json file containing firefox platform_version and buildid) - Review #32456 (Add a question in support.tpo about anti-virus reporting a virus in Tor Browser) - Look at macOS signing situation - More RLBox reviews

sisbell: Last Week: #28764 - OpenSSL Android - moved to static compile within tor lib - #28766 - Tor Build for Android - Created packaging for app. Some build changes around flags. Tor runs successfully on device. This week: - #28766 - Respond to feedback - # 32991/32992 - create and integrate compression libraries for tor. - Follow ups with guardian about next steps for shared components - Investigate what would be needed to upload native Android tor builds to maven central

acat: Last week: - #31395: Remove inline <script> in aboutTor.xhtml - #32767: Remove Disconnect search as it is discontinued - Investigated/thought about #28005: Officially support onions in HTTPS-Everywhere - backported patch for #22919: Form tracking and OS fingerprinting (only Windows, but without Javascript) This week: - Keep working on #28005 (time estimates, document https everywhere vs directly in Tor Browser pros/cons, do a quick prototype?)

Jeremy Rand: Last week: Dealt with funding stuff.... Was a bit less productive than usual (again) due to illness. (Pretty sure I'm fully recovered now.) This week: Send a draft tor-talk post to Matt for review. Continue dealing with funding things.... Address any feedback that arrives for the Namecoin support in Nightly.

pili: Last week: - GSoC wrangling - FOSDEM wrangling - Tor Browser Release planning This week: - S27: review outstanding items - More GSoC and FOSDEM

==================================================

Thanks, Matt

Matthew Finkel

5 Feb 5 Feb

4:15 p.m.

New subject: Tor Browser Team Meeting Notes, 03 February 2020

Hello everyone,

We held our weekly meeting on Monday, 03 February. The meeting log is available at http://meetbot.debian.net/tor-meeting2/2020/tor-meeting2.2020-02-03-18.29.lo....

The meeting primarily consisted of a summary of discussions we had at last week's Mozilla All-Hands meeting. We are also beginning our transition off of Mozilla's ESR train and onto the Release train.

Meeting notes: ==============================================

Week of February 3, 2020 Discussion: Future plans

mcs and brade: Last week: - Sponsor 27 work: - Responded to more review feedback in #19757 (permanent storage of client auth keys). - Continued implementation work for #19251 (onion services error page). - Code reviews. This week/upcoming: - Revise our patch for #19757 (permanent storage of client auth keys). - Follow up with the Network Team on some issues that acat found while reviewing #19757. - Continue to work on #19251 (onion services error page).

Jeremy Rand: Last week: Finished notes on Namecoin subtasks that might be relevant to Tor which we could ask for NLnet funding for, sent list to Matt in case he can easily think of something that I've left out. @sysrqb not sure if you've had a chance to glance at my email yet -- I hope I'm not bombarding you with too much info there... is the info I provided at all helpful? Have I omitted anything that jumps out at you? Got sidetracked with non-Tor-related Namecoin things that needed to be dealt with, so didn't yet finish the tor-talk mailing list post. This week: Finish the tor-talk mailing list post draft, send to Matt so he can let me know if I've inadvertently left something out.

sisbell: Last Week: - #32991/32992 - created and integrate LZMA and ZSTD compression libraries for tor. Both projects building. Also verified compiling with tor project. - #28704 - Tor Build for Android - some discussions around blocking issue. Three possible approaches: 1) Move to JNI load libraries from Android or 2) try LD_LIBRARY_PATH or 3) static compile (verified as working). Going to try 2) and fallback to 3) if it doesn’t work. This week: #28704 - test and decide on approach. Will be testing with all libraries including compression libraries. Will respond to feedback, so we can try to wrap up this week. #32993 - package tor-android-service: add new shared libraries to packaging #32200 - OpenSSL flags - this issue deals with some suggested flags for building openssl for Android. We need to make some calls on which ones we want to add #28704 - minor issue regarding use of pck-config that I want to fix

boklm: Last week: - Some reviews: #32891, #27903, #32700, #32870 - Made patch for #32493 (adding MOZ_SERVICES_HEALTHREPORT to mozconfig) - Started looking quickly at #32650 (Check translations for bogus characters) - Looked at blog comments This week: - Try to help with #32650 (Check translations for bogus characters) - Try to finish remaining things for #18867 (Ship auto-updates for Tor Browser nightly channel) - Review #32456 (Add a question in support.tpo about anti-virus reporting a virus in Tor Browser) - More reviews - Help with build of the new releases

tjr: - Ethan has cancelled our every-other-week uplift meeting and monthly meeting. - Not enough Mozilla work to justify continuing, we can do them on demand - Wrote patches for Ion/BaselineJit for Trusted Principals: https://bugzilla.mozilla.org/show_bug.cgi?id=1599226 - At All Hands worked on reproducible Windows builds: - It works in esr68; but not -central. - The differences include clang 8 vs 9, llvm-mingw, rust, and fortify_source/stack protector - glandium had mentioned a clang 9 reproducibility regression he saw on clang 9 for linux - he can't tell me if that's the same problem I have - When I reverted to clang 8 in -central it still had the same problem, so it must be something else from that list - Reverting llvm-mingw and fortify_source/stack protector broke things in a strange way - I can try one or two small things here, but otherwise I fear I will wind up having to put this aside...

acat: Last week: - Continued #28005 PoC implementation (https-everywhere .onion redirects) - Reviews: #27268, #19757, #32948 This week: - Revise #31395 (Remove inline <script> in aboutTor.xhtml). - Continue #28005 work.

sysrqb: Last week: Mozilla All Hands Future Tor Browser planning This week: Reviews, reviews, reviews Writing some emails about planning Reply to Jeremy

GeKo: Last week: Been at Mozilla's All Hands meeting Worked on RLBox (I got it working) Design doc update This week: Re-doing RLBox branch and further testing Moar design doc update

==============================================

Thanks, Matt

Matthew Finkel

18 Feb 18 Feb

3:37 p.m.

New subject: Tor Browser Team Meeting Notes, 10 February 2020

Hello everyone,

Last week we held our weekly team meeting. The meeting log is available here: http://meetbot.debian.net/tor-meeting2/2020/tor-meeting2.2020-02-10-18.31.lo...

The meeting wasn't very interesting. We briefly discussed rebasing Tor Browser patches onto the upcoming Firefox version, and we moved many tickets from this month onto our roadmap later in the year. This will give us needed flexibility for migrating onto the release train.

Meeting notes: =========================================== Discussion: - Gitlab Service Admin - Friendly reminder about updating points and self-assigning tickets you're working on :)

mcs and brade: Last week: - Sponsor 27 work: - Followed up with the Network Team on issues that acat found while reviewing #19757. - Revised our patch for #19757 (permanent storage of client auth keys). - Continued to work on #19251 (onion services error page). - Requested peer feedback for Feedback Cycle 2020-1. This week/upcoming: - More work on #19251 (onion services error page). - Review strings and comment in #33035 (create strings for onion service error pages).

pospeselr: Last weeks: - Mozilla AllHands - FOSDEM - #33035 (tor socks error code strings) - #32645 (new onion toolbar icons) This week: - verify #32645 patch actually works in all scenarios - begin assigned tor browser migration work - follow up with noscript folks regarding changes for per-site settings - exorcise ghosts from my build machine

Jeremy Rand: Last week: - Sent draft tor-talk post to Matt for review. - Merged a bunch of upstream Electrum stuff to Electrum-NMC (upstream decided to totally rewrite their transaction parsing code, so I got to rewrite all of Namecoin's patches to transaction parsing). - More time-wasting fun with funding proposal stuff. This week: - Post the tor-talk thread after Matt finishes reviewing it. - Hopefully see some feedback from users.

acat: Last week: - Revised #31395 (Remove inline <script> in aboutTor.xhtml) and #32767 (Remove Disconnect search). - Progress with #28005 PoC implementation (https-everywhere .onion redirects) This week: - Start rebasing Tor Browser patches onto mozilla-central. - Have some #28005 builds for UX review.

tjr: - The Ion/Baseline JIT patch is r+-ed. I will land it this week. Feel free to backport and take as desired. https://bugzilla.mozilla.org/show_bug.cgi?id=1599226 - I have not done nothing on reproducible builds in TC, but I have not done much.

boklm: Last week: - Made patches for #33200 (Reproducibility issue with bookmarks.html on macOS) and #33177 (Build of tbb-9.0.5-build1 fails for Android) - Helped with build of the new release - Improved script for #25102 (Add script to sign nightly build mar files, generate update-responses xml and publish the new version) - Looked at blog comments This week: - Help with signing/publishing of new releases, build of alpha - Now that #32800 is done, get everything ready for nightly updates - Try to help with #32650 (Check translations for bogus characters) - Review #32456 (Add a question in support.tpo about anti-virus reporting a virus in Tor Browser)

sysrqb: Last week: Mostly release prep This week: Finishing release prep and releasing updates Triaging tickets

sisbell: Last Week: - #32991/32992/28764: - LZMA and ZSTD, OpenSSL. Verified that Shared Libraries in Android are not working when we start a tor process. Moved to static compiles. - #28763 - Tor Build for Android - Fixed pkg-config issue - #28704: Added Android NDK path to system path in android-toolchain. Various projects need to be able to locate host triple versions of tools. - #30767: Custom obfs4 bridge - added patch to to tor-onion-proxy (still need to test behavior on device) - Some investigations to fenix - Submitted MR to TOPL for #32501 and #30767 so we can remove patches - Summary: Verified Android tor running on device with statically compiled lama, zstd, openssl, lib event. This week: - Check in changes and commit on issues related to tor Android (in branch for review by 02/10). Respond to review comments - What are next priorities?

Pili: Last week:

- Tor Browser Team Monthly reports December and January

- Roadmapping with sysrqb

This week:

- S27 work completion report

- Cleaning up February tickets ===========================================

Thanks, Matt

Matthew Finkel

24 Feb 24 Feb

5:02 p.m.

New subject: Tor Browser Team Meeting Notes, 18 February 2020

Hi everyone,

Last week we held our weekly meeting.

The meeting log can be read here: http://meetbot.debian.net/tor-meeting2/2020/tor-meeting2.2020-02-18-18.31.lo...

Some highlights from the meeting: - Continued the discussion on releasing Alpha-series updates more frequently - Reminder about feedback cycle deadlines - Explanation about submitting Tor Browser releases to VirusTotal, past and future

Meeting notes: ====================== Week of February 17, 2020

Discussion: - VirusTotal?

pospeselr: Last week: - reviewed #19757 - #32645 work - built testing plan - patch submitted for review - started work on #13410 - got my build machine working (so I can make builds for releases again woop woop) This week: - PRESIDENTS DAY - get out a patch for #13410 (bad ssl splash screens) - check back in on Mozilla #1532486 (Ensure media cache is memory-only when in private browsing mode) - marked needinfo so probably needs a patch update - maybe get a patch out for #33298 (HTTP form should get warning popup when coming from onion site)

acat: Last week: - #28005 (https-everywhere .onion redirects): - done test builds and patches for review - sent e-mail re: securedrop update channels and https-everywhere modifications This week: - Rebase Tor Browser patches onto mozilla-central. - Take a quick look at #32767 issues to see if it has a simple solution.

mcs and brade: Last week: - Sponsor 27 work: - Revised our patches for #19757 (permanent storage of client auth keys). - Ready to land? - Reviewed strings and commented in #33035 (create strings for onion service error pages). - Continued to work on #19251 (onion services error page). This week/upcoming: - Code review for #32645 (Update URL bar onion indicators). - More work on #19251 (onion services error page). - The implementation is nearly done; we plan to post patches for review soon. - Strings and “Learn More” URLs are blockers for us (tracked in #33035). - Compose self & peer feedback for TPI Feedback Cycle 2020-1.

tjr: - Ion Patch finally landed: https://bugzilla.mozilla.org/show_bug.cgi?id=1599226

sysrqb: Last week: Tor Browser releases Ticket triage Blog post monitoring This week: Review #19757 Review #28704 Review #31130 Consider another alpha release next week

boklm: last week: - Helped with signing/publishing of new releases - Made patches for #33283 (Add caching for the exec function in rbm) - Started looking at #33289 (Expand list of targets more efficiently) to try to make rbm faster - Tried to setup rsync to nightlies.tbb.torproject.org (#32800) but did not succeed yet - Looked at blog comments This week: - Finish setup of nightly mar signing/rsync to nightlies.tbb.torproject.org - Make patches to add mar signing key to tor-browser.git, and update app.update.url for nightly - Look at testsuite setup - Some reviews - Try to help with #32650 (Check translations for bogus characters) - Review #32456 (Add a question in support.tpo about anti-virus reporting a virus in Tor Browser)

sisbell: Last Week: - #31130 - Debian Upgrade for Android - ready for review. All platforms are building. - #33359 - Use latest version of TOPL and remove patches - ready for review - #32476 - JNI layer for tor - moved JNI class to tor android and started some work to integrate with topl This Week: -#28794 - Android build of tor - this needs review - Next priorities to work on?

pili: Last week: - mostly afk with flu This week: - Catching up on sponsor work and roadmaps - trac triage ======================

Thanks, Matt

Matthew Finkel

9 Mar 9 Mar

8:40 p.m.

New subject: Tor Browser Team Meeting Notes, 24 February 2020

Hi eveyone,

On 24 February, we held our weekly team meeting. The meeting log is available at http://meetbot.debian.net/tor-meeting2/2020/tor-meeting2.2020-02-24-18.29.lo...

During this meeting we briefly discussed #13410 and how a naming system like Namecoin could provide a database where TLS certificates can be verified as trusted (via a TLSA-like mechanism).

Team progress and discussion notes ================================== Discussion:

pospeselr:

Last week:

- #29120 (Mozilla 1532486) uplifted (hmm) - #13410 work (Disable self-signed certificate warnings when visiting .onion sites)

- figured out a lot of ways to not do this >:[

- CertVerifier.cpp seems like the right place, should hopefully have this working today/tomorrow

This week:

- #13410 - should have a patch ready middle of this week

- Firefox release notes review ASAP

- #33298 - not necessary for S27, but technically needed to be consistent between HTTPS and onions

- delay to whenever

Jeremy Rand: Last week: - Did more hacking on the linux-arm port of Tor Browser. (I have a working mozconfig that builds a working linux-arm binary of Tor Browser's Firefox, in a Debian Buster ppc64le VM. The same mozconfig produces a build error in a Debian Buster rbm container. So the remaining bugs are not related to the mozconfig.) This week: - [discuss] Post the tor-talk thread after Matt finishes reviewing it. (@sysrqb is there any ETA on getting that reviewed?) - Maybe hack some more on the linux-arm port.

mcs and brade: Last week: - Reviewed patch for #32645 (Update URL bar onion indicators). - Posted patches for #19251 (onion services error page). - Worked on self feedback for TPI Feedback Cycle 2020-1. This week/upcoming: - Review pospeselr’s new #32645 patch (Update URL bar onion indicators). - Look at proposed onion service error strings (#33035). - Investigate #31984 (TB 9.x partial update: unable to remove directory: tobedeleted). - Work on self & peer feedback for TPI Feedback Cycle 2020-1.

GeKo:

Last week:

- worked on RLBox (I have backported patches up for review in #32380, will post the final branch after the meeting)

- had fun with #33416 while building the alpha (Android container creation breaks when building Tor Browser 9.5a6)

- a bit more work on the design document

This week:

- moar work on RLBox:

* [discuss] the plan is to have the patch integration sorted out this week and up for review (boklm: sysrqb: i'll be at a meeting in parallel, so I guess we can chat after the tor browser meeting about how to proceed here)

* start the macOS backports (#33410)

- design doc update

boklm: Last week: - Made patches for: - #33380 (Add *.json to sha256sums-unsigned-build.txt) - #33403 (Add nightly mar key) - #33402 (Set app.update.url for nightly) - Updated script for #25102 (Add script to sign nightly build mar files, generate update-responses xml and publish the new version): - signed nightly mar files and update xml are now on https://nightlies.tbb.torproject.org/nightly-updates/ - Helped build new alpha - Looked at blog comments This week: - Check if nightly updates are working - Help with publishing the new alpha - Look at testsuite setup - Some reviews: - RLBox patches - #28704 and child tickets (Compile Tor and dependencies on our own for Android) - #32456 (Add a question in support.tpo about anti-virus reporting a virus in Tor Browser) - Try to help with #32650 (Check translations for bogus characters)

acat: Last week: - Rebase Tor Browser patches onto mozilla-central. This week: - Rebase Tor Browser patches onto mozilla-central. - Investigate #33342 if there's time (Disconnect search addon causes error at startup)

sysrqb: Last week: - Release prep for 9.5a6 - Merged a few tickets - Reviewed some other tickets - Began sketching a process for getting l10n sign-off on new strings - Told Mozilla we might want to use Client Hints for informing websites we support .onion addresses This week: - Finish 9.5a6 release - Working on getting Apple notarization working - Finally respond to Jeremy - Maybe catch up on RLBox - I'll think of some more things when I start doing them

sisbell: Last Week: - Android for Tor - broke apart commits into separate branches, made various fixes based on reviews, did fix for build to work for Debian 19.10 - #32534 - add TBB project for jtorctl, integrated into rest of build This Week: - Respond and fix, based on reviews - Upgrade tor binaries to 0.4.x in tor-android-services - #32476 - work on JNI support for embedded tor for android - Fenix Investigation ==================================

Thanks, Matt

Matthew Finkel

8:50 p.m.

New subject: Tor Browser Team Meeting Notes, 02 March 2020

Hi everyone,

We held our weekly meeting on 2 March. The meeting logs are available at: http://meetbot.debian.net/tor-meeting2/2020/tor-meeting2.2020-03-02-18.29.lo...

During this meeting we briefly discussed #13410 and how Alec Muffett's S.O.O.C. proposal [SOOC] overlaps with the goal of this ticket. We didn't make any decisions about this topic, however.

[SOOC] https://github.com/alecmuffett/onion-dv-certificate-proposal/blob/master/tex...

Team progress and discussion notes ================================== Discussion:

GeKo:

Last week:

-I worked mainly on RLBox backports

* I have the Linux version up for review (see: #32380 and #32389)

* I got the macOS version ready for review, too (see: #33481, #33487, #33410)

This week:

-finally getting back to design doc update

-maybe working on RLBox reproducibility (#33488) tjr: I recall glandium and/or you had ideas for https://bugzilla.mozilla.org/show_bug.cgi?id=1612035, no? Now would be a good time to add those. :)

mcs and brade: Last week: - Reviewed #32645 patch (Update URL bar onion indicators). - Worked on onion service error strings (#33035). - Investigated and closed #31984 (partial update: unable to remove directory: tobedeleted). - Worked on small issues for #19251 (onion services error page). - Reviewed February Sponsor 27 report. - Worked on peer feedback for TPI Feedback Cycle 2020-1. This week/upcoming: - Review latest #32645 patch (Update URL bar onion indicators). - Finish and post patches for #19251 (onion services error page). - Revisit #32418 (Torbrowser tells on every start, that it can't update). - Finish and submit self, peer, and team lead feedback. - Start to review #28005 (Officially support onions in HTTPS-Everywhere).

pospeselr: Last week: - patch out for #13410

- put out for code review on Mozilla

- consensus among folks who know things about certs (dkeeler, alecmuffet, arma) is seems to be that what we're trying to do here is a bad idea and needs to be more restrictive

- dkeeler pointed me to alecmuffet's SOOC cert spec ( https://github.com/alecmuffett/onion-dv-certificate-proposal/blob/master/tex... ) as well a short summary of the discussions alec has apparently already had with the Mozilla folks

- alecmuffet pointed me to a doc containing the discussions about the spec as well as how to properly implement in firefox

- tldr; removing the chain-of-trust check for onions is not sufficient, but I have a high level understanding of the 'right' way to do this:

- implement sections 1.1 through 1.6 of the SOOC spec in a new 'TrustDomain' in Firefox that is used for onions

- final update for #32645 fixing some icon scaling issues

This week:

- peer feedback

- release notes review

- #13410 updates?

so to implement 1.1 through 1.6 the suggested mozilla way should mostly just be engineering/programming work with very little investigation, but it's still a sizable chunk of time (I'd estimate ~1-2 weeks?)

[discuss] do we want to go through the effort of redoing this for S27, or should we just take what we have now, stick it behind a only-enabled-in-alpha pref and come back to this when we have less time pressure?

- braindump on ticket, maybe start prototyping this

boklm: Last week: - Some reviews: #32437, #32436, #33216, #32992, #32991, #28766, #28765, #33215 - Helped with gpg signing new alpha - Looked at #32650 (Check translations for bogus characters) - Started looking at testsuite setup - Looked at blog comments This week: - Waiting for someone to review/merge #33402 and #33403 to check if nightly updates are working - Work on testsuite setup - More reviews - Submit feedback

sysrqb: Last week: Progress on getting macOS signing/notarization on the hosted signing machine Investigated CSS font-embedding on Safest security level Spent some time on the OTF grant Responded to Jeremy Looked at some possible paths for TLS cert warnings This week: Releasing 9.5a6 Code reviews Create a rough roadmap for the next one-two months (with Pili) Review S27 summary ...

sisbell: Last Week: - Android for Tor - a number of updates, testing. Following merged: #33216, #33215, #32992, #32991. Left with getting OpenSSL, Libevent and Tor project changes approved and merged. - #32476: JNI got build working in tbb - Fenix investigations around dependencies and latest gradle This Week: - Respond and fixes based on reviews to #28764, #28765, #28766 (Tor) - #28765: LibEvent: make small change to handle all platforms - Upgrade tor binaries to 4.x in tor-android-services - #32476 - integrate and test with TOPL, open branch for review

acat: Last week: - Rebase Tor Browser patches onto mozilla-central. This week: - Fix/polish a few remaining things of the mozilla-central patches rebase and create ticket for review. - Write feedback. - Revise #21952 (Onion-Location) to support meta tags. - Investigate #33342 (Disconnect search addon causes error at startup)

pili: Last week: - S27 February report - S27 release planning - GSoC wrangling This week: - Browser team February report - Start of month housekeeping - More GSoC wrangling - Work on developer portal - Tor Browser Release meeting this week

Jeremy Rand: Last week: - Posted on tor-talk asking for feedback on Namecoin integration in Nightly. - Looks like that thread attracted the attention of a journalist: https://linuxreviews.org/The_Nightly_Tor_Browser_Build_Has_Support_For_Namec... - More progress on the linux-arm port of Tor Browser... figured out why the Firefox build was failing with assembler errors; managed to get a working Tor Browser binary built in rbm. This week: - Await feedback on tor-talk thread. - Maybe more linux-arm port stuff. - File ticket about Namecoin TLS support. ==================================

Thanks, Matt

Matthew Finkel

10 Mar 10 Mar

12:40 p.m.

New subject: Tor Browser Team Meeting Notes, 09 March 2020

Hello everyone,

We held our weekly meeting yesterday. The meeting log is available at http://meetbot.debian.net/tor-meeting2/2020/tor-meeting2.2020-03-09-18.30.lo...

During this meeting we had a few discussion items, but in summary:

1) Tor Browser weekly meetings will now take place at 18:00 UTC in #tor-meeting2 beginning next week.

2) We tried releasing the Alpha series every two weeks, but it was too much of a burden on the team. As a result, we're planning on releasing Alpha updates on the same cycle as Stable for the next few months.

3) The Tor Browser team will meet at a new time beginning next Monday. The meeting will be held in #tor-meeting2, as we do currently, but we will meet at 18:00 UTC.

4) During the Sponsor 27 meeting today, we will discuss ticket #13410 and how we should proceed with regards to S.O.O.C. [SOOC].

[SOOC] https://github.com/alecmuffett/onion-dv-certificate-proposal/blob/master/tex...

Team progress and discussion notes ================================== Discussion: - RLBox ticket review - Android development - Release schedule - Team meeting time - Retrospective

pospeselr:

Last week:

- SOOC review and brain dump for #13410

- doesn't actually seem that bad, I think I can get this prototyped relatively easily

- seems like the bulk of the remaining work with SOOC is political w/ regards to finalizing the spec, uplifting to Firefox, etc

- team reviews

- began release note reviews (#33534)

- 9.5a7 build

This week:

- finish release note reviews (#33534)

- implement SOOC for #13410?

Future:

- review #32379

GeKo:

Last week:

- design doc update (#25021)

- renewal of authenticode signing cert (we'll see how long that takes)

This week:

- more design doc update (#25021)

- maybe work on https://bugzilla.mozilla.org/show_bug.cgi?id=1612035

sisbell: Last Week: - #33557: Update Android Toolchain for Fenix (in review) - #33556: TBB for android-components. This went well. I need to figure out some issues surrounding the local maven repo - #33184: Support for Fenix - have tbb build working with network enabled. Needs some work in local maven repo (same as #33556) - Opened various fenix related issues for tracking. This Week - I mostly worked on fenix last week. I’ll be focusing more on android tor related work this coming week. - #28765: LibEvent: make small change to handle all platforms - Fenix work: resolve local maven repo issues to get fenix and android-components projects building with cached artifacts. This does not yet involve integration with tor related projects. - #33565/#33564 - get lzma and zstd working with latest Android NDK. Starting with these because I expect they will be easiest to setup to verify how to use new toolchain.

mcs and brade: Last week: - Reviewed latest #32645 patch (Update URL bar onion indicators). - Started to review #28005 (Officially support onions in HTTPS-Everywhere). - Finished and posted patches for #19251 (onion services error page). - Posted a patch for #33482 (Update about:tor donate string). - Helped with #33514 (non-en-US Tor Browser 9.5a6 won't start up). - Revisited #32418 (on every start TB complains that it can't update). - Completed self, peer, and team lead feedback for TPI Feedback Cycle 2020-1. This week/upcoming: - Reviews, reviews, reviews: - #21952 (Onion-location). - #28005 (Officially support onions in HTTPS-Everywhere). - #33402 (Set app.update.url for nightly builds). - #33403 (Add nightly mar key to tor-browser). - Follow up on any remaining issues for #19251 (onion services error page).

sysrqb: Last week: - Released 9.5a6 - Began roadmapping Tor Browser migration - Release prep for 9.5a7 - More progress on Apple notarization - Tried to avoid COVID-19 - Release prep for 9.0.6 and 9.5a8 - OTF Tor Browser proposal This week: - Trying to avoid COVID-19 - Release 9.5a7 - Release 9.0.6 and 9.5a8 - Reviews

boklm: Last week: - Made patch for #33535 (Patch openssl to use SOURCE_DATE_EPOCH for copyright year) - Some reviews - Looked at bit at quilt/guilt to think about some proposal for handling tor-browser patches - Looked at blog comments This week: - Help with building/publishing new releases - Submit openssl patch for #33535 upstream - Work on testsuite setup - Work on setup of automatic rebasing of tor-browser patches on mozilla-central - Waiting for someone to review/merge #33402 and #33403 to check if nightly updates are working

pili: Last week: - OTF Browser proposal revisions - Start of month roadmap updates - February team report This week: - OTF proposal final revisions - Revisit gitlab for Browser team projects - Trac triage - Helping out with GSoC student queries - Schedule team retrospective

acat: Last week: - Finished #33533 (Rebase Tor Browser esr68 patches on top of mozilla-central) - Revised #21952 (Onion-Location) to support meta tags. - Wrote feedback This week: - Finish/send feedback (unfortunately it took more time than what I expected). - Reviews (#33482: Update about:tor donate string, #19251: TorBrowser might want to have an error page specific to when .onion links fail) - Investigate #33342 (Disconnect search addon causes error at startup) - Update #28005 (Officially support onions in HTTPS-Everywhere) to use securedrop testing update channel. - Test changes from legind in https-everywhere extension for #28005 ("get_simple_rules_ending_with" message).

Jeremy Rand: Last week: - Filed #33568. - Waited for more Namecoin feedback on tor-talk. - Hacked around with #32355 some more. This week: - Await more Namecoin feedback on tor-talk (hopefully it attracts some attention). - Hack on #32355 more. ==================================

Have a good week and happy hacking.

- Matt

Matthew Finkel

13 Apr 13 Apr

5:55 p.m.

New subject: Tor Browser Team Meeting Notes, 30 March 2020

Hi everyone,

On 30 March we held our weekly meeting. The logs from the meeting are available at http://meetbot.debian.net/tor-meeting2/2020/tor-meeting2.2020-03-30-17.59.lo...

The highlights from that meeting are:

1) Tor Browser should provide a mechanism for disabling auto-updating, and this will come from Firefox's Enterprise Policy system.

2) More Namecoin integration discussions

====================================== Discussion: Retrospective

pospeselr:

Last week:

- #21952 code review

- #33534 -> auditing new/added about:config prefs

- made it through half the diff between beta75 and esr68

- #33707 -> updated circuit display icon

This week:

- #33534

- finish the pref audit

- consolidate notes into actionable tasks

mcs and brade: Last week: - Code reviews. - Spent a little time on #33667 (macOS permission change). - Closed #30732 ("Your Firefox is critically out of date" banner). - #29630 (TorBrowser creates empty directory in "/tmp”). - #32418 (on every start TB complains that it can't update). - Is everyone okay with approach 2? (see https://trac.torproject.org/projects/tor/ticket/32418#comment:9) This week/upcoming: - Review latest patch for #21952 (Onion-Location). - Review latest patch for #28005 (.onions in HTTPS-E). - Review rebased updater patches (#33533). - #32418 (on every start TB complains that it can't update).

sysrqb: Last week: 9.0.7 release and 9.5a9 prep This week: 9.5a9 release (thanks boklm and antonela!) Look at H1 report Look at S27 tickets and catch up on that progress/status Catch up on Fenix and Migration status Misc. onion services-related emails

boklm: Last week: - Helped with new release - Started doing some tests for quilt/patches workflow - Monitored blog comments - Looked at #33702 (RSA_get0_d could not be located in the dynamic link library tor.exe) This week: - Finish publishing 9.5a9 - Help with build of next releases - Some reviews - Work on proposal for quilt workflow - Work on testsuite setup - Work on setup of automatic rebasing of tor-browser patches on mozilla-central

Pili: Last week: - S58 organisation and set up - S27 wrap up - Trac triage - Figuring out S27 follow up work for Tor Browser team This week: - Tor Browser release meeting - More S27 wrap up and monthly report - Roadmapping for next few months - Trac triage and end/start of month maintenance - Figuring out S27 follow up work for Tor Browser team

sisbell: Last Week: Fenix #33760: Update rbm,conf for latest NDK (in-review but will certainly require additional changes before final) #33564: Upgrade ZSTD to use Android NDK 21 (in-review) #33562: Upgrade lib event to use android NDK (complete but need to update ticket) #33568: Upgrade TOPL to use latest toolchain (complete) #33626: Add TBB project for GeckoView - working through this #33565: Upgrade LZMA to use Android NDK 21 (works without change) closed this issue Android Tor - tickets are still in review so didn’t make any changes This Week: # Follow up on reviews of Android Tor Support (priority) Fenix #33564: Upgrade tor to use Android NDK 21 #33626: Continue work in TBB for GeckoView #33559: Upgrade android-tor-service to use latest android toolchain

acat: Last week: - Revised #28005 (Officially support onions in HTTPS-Everywhere to use securedrop testing update channel.) - Revised #21952 (Onion-location) - Got a tor-browser-build working for #33533 (Rebase Tor Browser esr68 patches on top of mozilla-central) - Manually rebased to latest central - Added some children tickets. This week: - Fix Tor Browser unit tests for #33533 branch (mozilla-central): - #30832 and children - Possibly some (hopefully simple) revisions of #21952 (Onion-Location) and #28005 (Https-Everywhere .tor.onion). - Possibly help with other tasks related to migration to rapid release cycle.

Jeremy Rand: Last week: - Got more feedback on Reddit for Namecoin integration. - Filed #33749, posted patch. - Filed #33752, debugged it a bit. This week: - Relay r/Namecoin test reports to tor-talk mailing list. - Hopefully get more feedback on Namecoin integration via Twitter. ======================================

Thanks, Matt

Matthew Finkel

8:05 p.m.

New subject: Tor Browser Team Meeting Notes, 06 April 2020

Hello everyone,

Last week, on 6 April, we held our weekly team meeting.

The meeting log is available at http://meetbot.debian.net/tor-meeting2/2020/tor-meeting2.2020-04-06-18.09.lo...

Highlights from this meeting: 1) Ticket prioritization with respect to S58 (migration) 2) Fix failing Nightly builds 3) Finding a reviewer for #33749

================================ Discussion:

GeKo:

Last week:

-helped with releases

This week:

- More Tor Browser spec update (#25021)

- SHA-256 for Windows authenticode signing (#29614)

mcs and brade: Last week: - Code reviews. - Made progress on review of the rebased updater patches (#33533). This week/upcoming: - Finish reviewing the rebased updater patches (#33533). - #32418 (on every start TB complains that it can't update). - #33671 (Update "Get Involved" url in about:tor).

sysrqb: Last week: Code review Release prep for 9.0.8, then release prep for 9.0.8 and 9.5a10, followed by 9.0.9 and 9.5a11 This week: Releasing 9.0.9 and 9.5a11 Code reviews

pospeselr:

Last Week:

- finished auditing new firefox prefs

- started building out task list from my notes dump

This Week:

- finish building out tasks and getting them into trac - please tag them with Sponsor58

- #33791

boklm: Last week: - Made patches for: - #33807 (Namecoin eTLD patch conflicted with securedrop.tor.onion) - #33805 (While building tbb-9.0.8-build3 the build of openssl for Windows fails) - #32038 (tor-browser-build license is unclear) - Added comment on #25102 following GeKo's question (Add script to sign nightly build mar files, generate update-responses xml and publish the new version) - Reviewed #31499 (Update libevent to 2.1.11-stable) - Reviewed #33771 (Missing LibEvent License) - Helped with new releases - Monitored blog comments This week: - Help with new releases - Some reviews - Work on proposal for quilt workflow - Work on testsuite setup - Work on setup of automatic rebasing of tor-browser patches on mozilla-central

pili: Last week: - Started researching certificates for onions options - S27 monthly report - GSoC wrangling - April roadmap review - trac triage This week: - April roadmap review and cleanup - trac triage - S27 work completion report - Browser Team March report - Write up certificates for onions options research - Maybe start on Onion Service discovery options for onion capable browsers research - Reminder for everyone to submit their March timesheets

acat: Last week: - Revised #21952: Onion-location - Revised #28005: Officially support onions in HTTPS-Everywhere - Worked on #30832: Fix tor-browser tbb-tests This week: - #31918: Rebase and squash mobile/android patches into desktop - Work on 27105: Fix Tor Browser testsuite for esr60 - Maybe some children of #33533 (Rebase Tor Browser esr68 patches on top of mozilla-central)

sisbell: Last Week: Fenix #33760: Update rbm,conf for latest NDK - update CC var for latest clang (in review) #33559: Update tor-android-service to use latest android toolchain (in review) #33801: Update Go Project to use NDK 21 (in review) #33833: Update Rusto to use NDK 21 (in review) #33626: Add TBB project for GeckoView - working through this Android Tor - tickets are still in review so didn’t make any changes This Week: # Follow up on reviews of Android Tor Support (priority) Fenix #33626: Continue work in TBB for GeckoView, included evaluating which patches should be applied to gecko view vs Fenix.

Jeremy Rand: Last week: - Write fix for #33752; new Electrum-NMC and StemNS commits are pushed. - Work on getting some Electrum-NMC functionality (AuxPoW-related) upstreamed to Electrum. - As usual, productivity is mildly diminished thanks to COVID-19 precautions. This week: - Submit tor-browser-build patch for #33752. - Relay r/Namecoin test reports to tor-talk mailing list. - Hopefully get more feedback on Namecoin integration via Twitter. - Review patch for #33807. - Review patch for #32038. - Review patch for #30334. - [discuss] Would be cool if someone would like to review #33749. ================================

- Matt

Matthew Finkel

8:36 p.m.

New subject: Tor Browser Team Meeting Notes, 13 April 2020

Hi everyone,

Today we held our weekly meeting. The meeting was held on Jitsi Meet but some notes are documented at http://meetbot.debian.net/tor-meeting2/2020/tor-meeting2.2020-04-13-17.58.lo...

Highlights from the meeting: 1) My mic worked this week (yay) and we saw/heard each other (yay)

2) Last week 9.5a11 was released and that included new S27 Onion Service usability improvements. We received a little feedback on this, but we need more. Some websites are beginning a trial with using onion-location.

3) The Anti-Censorship team asked about the status of #11698 for distributing the Tor Browser Manual within Tor Browser (as well as on the website). We put this on the roadmap in October 2020.

4) Maybe once per month we'll dedicate a portion of the meeting time to discussing user/usability feedback. This should help us prioritize bugs and improve Tor Browser, overall.

================================ Discussion: - https://bugs.torproject.org/11698 < Can we consider this for some point post ESR transition? - Can we have a space once a month to share and discuss any user testing results we may have had during the previous month?

mcs and brade: Last week: - Finished reviewing the rebased updater patches (#33533). - Built rebased browser on macOS and did some quick tests (#33533). - Researched some Tor Launcher changes that are needed post-ESR68. - acat will fix #32174 (replace XUL <textbox> with html:input). - Commented in #33809 (Fast-Forward Tor Browser Versions). This week/upcoming: - #32418 (on every start TB complains that it can't update). - #33671 (Update "Get Involved" url in about:tor).

sisbell: Last Week: #33877: Disable Samples and Regression tests For Libevent Build - removes these for platform builds (in review) #28765: LibEvent Build for Android - changed some config options, broke out some changes into #33877 (in review) #31499: Update libevent to 2.1.11-stable - made minor change to build with tor on linux (merged) #28766: Tor Build for Android - minor change to use changes in #31499 (in review) - Investigation in the control.txt file not being created. - Linux laptop is becoming unstable with shutdowns so spent time in transition to MacBook. This Week: # Follow up on reviews of Android Tor Support (priority) Fenix - #33626 Add TBB project for GeckoView

pili: Last week: - S58 triage and organisation - Usual trac triage - Wrote up some more of my certificates for onions "article" - S27 work completion report This week: - Tor Browser March report - S58 kick off call with sponsor - gitlab migration meeting -

boklm: Last week: - Helped with releases - Some reviews: #33845, #33749, #31499 - Fixed an issue with nightly updates (#33864) - Monitored blog comments This week: - Some reviews - Update patch for #25102 (Add script to sign nightly build mar files ...) and open tickets for things discussed in the comments - Work on testsuite setup - Work on setup of automatic rebasing of tor-browser patches on mozilla-central - Work on proposal for quilt workflow

pospeselr:

Last week:

- #33534 (FF release notes/tickets review)

- finished investigating outstanding issues and filed tickets for work that needs to be done (parented to #33534)

This week:

- #33791 - Evaluate Firefox tests

acat: Last week: - Revised #33533 (Rebase Tor Browser esr68 patches on top of mozilla-central) - #33838: Update Onion-Location in tor-browser-spec - Spent some time investigating issue with #30832: Fix tor-browser tbb-tests - #33845: namecoin-torbutton.patch needs to be rebased - #33862: Fix usages of createTransport API - #33890: Rename .xul to .xhtml - #33892: Add brandProductName to torbutton brand localization files - #32174: replace XUL <textbox> with html:input Next week: - #31918: Rebase and squash mobile/android patches into desktop - Maybe some children of #33533 (Rebase Tor Browser esr68 patches on top of mozilla-central) - Spend 1-2 hours trying to reproduce https-everywhere bug that dgoulet experienced with #28005.

sysrqb: Last week: Released 9.5a11 and 9.0.9 Ticket cleanup/triage Code review: #28765, #28766, #32993, #33685 This week: Merge tor build for android Review rebased tor browser patches Review migration tickets

Jeremy Rand: Last week: - Tagged Electrum-NMC 3.3.9 (contains a fix for #33752 among other improvements) - Fixed rbm-built clang in #32355 - My mail server was down most of the week, so couldn't send r/Namecoin test reports to tor-talk. This week: - Send in a tor-browser-build patch that pulls in Electrum-NMC 3.3.9 - Relay r/Namecoin test reports to tor-talk mailing list. - Hopefully get more feedback on Namecoin integration via Twitter. - Review patch for #32038. - Review patch for #30334. ================================

Stay safe/healthy/sane everyone, Matt

1669

Age (days ago)

1750

Last active (days ago)

tor-project@lists.torproject.org

11 comments

1 participants

tags (0)

participants (1)

Matthew Finkel