[tor-project] Tor Browser team meeting notes, 15 Jan 2018

Georg Koppen gk at torproject.org
Tue Jan 16 13:29:00 UTC 2018 

Hi!

We had our second Tor Browser meeting in 2018. Here is the meeting
transcript:

http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-01-15-19.00.log.txt

And the notes from the pad are:

Monday, January 15, 2018

Discussion:
    -What about Taler (https://taler.net/en/ ) integration into Tor Browser?
    -Who wants to be the PoC for Pari's helpdesk reports (following it,
amending it with tickets we already track, making sure it is correct
from a browser side etc.)? (Richard volunteered)
    -I want to establish some feedback mechanism within the team by
doing a 1to1 with each team member, say at least once a year. I plan to
start this round end of June 2018


mcs and brade:
    Last week:
        - Worked on Moat integration loose ends (#23136).
                - incorporated activity spinner image from Antonela
(#24696).
                - added support for multiple bridges returned by BridgeDB.
                - reviewed dcf's patch for #24642 (cannot use
TOR_PT_EXIT_ON_STDIN_CLOSE)
        - Attended the UX + Tor Browser meeting on IRC.
        - Read the Android Torbutton and Tor Launcher proposals.
        - Investigated the Tor Launcher aspects of #24826 (compressed
consensus diffs stall Tor Browser launch).
        - Worked on #24421 (Temporarily allow all this page and New
Identity).
        - Helped with triage of new tickets.

Planned for this week:
        - After a test server is deployed by the Network Team, test and
put Moat integration code out for review.
        - Comment on Matt's Android Tor Launcher proposal.
        - Do more debugging for #24421 (Temporarily allow all this page
and New Identity).
        - Work on about:tbupdate issues (#21850 and #24578; avoid using
a query string),


Georg:
    Last week:
        -fought my backlog
        -ticket review (and partially merge): #24702, #23911, #23892,
#24842, #21245, #22343, and #18691
        -made a bit progress on our mingw-w64/clang-based toolchain (#21777)
        -wrote a patch for #23916
        -worked on the Tor Browser design doc update (#21256)
        -worked on the proposal for the toolbar redesign and better
understanding of security features
        -started to think about our android reproducible builds and
updates for Tor Browser on Mobile

    This week:
        -release preparations for 7.5 and 8.0a1
        -more reviews
        -finish design doc update (#21256); aimed for Friday this week
        -further work on the proposal for the toolbar redesign and
better understanding of security features
        -think about some improvements to our release signing scripts


arthuredelstein

    Last week:

    - Worked on rebasing tor-browser.git to mozilla-central. I am about
2/3 of the way through. Once all patches are rebased, I will set up on a
nightly automatic rebase script.

    - Made a list of patches we should try to upstream for ESR60. I will
send the list to tbb-dev and update bugzilla where needed.

    - Attended the Mozilla/Tor UX video meeting and a second meeting
with Mozilla uplift team on fingerprinting patch triage.

    - Checked in https://bugzilla.mozilla.org/show_bug.cgi?id=1384309

    This week:

        - I will continue to work on the rebase, and also push forward
any upstreaming patches that look feasible.

    - Try to move forward on https://trac.torproject.org/24309 (tor
circuit door hanger)

    - If there is time, I also want to look at
https://trac.torproject.org/14952 (HTTP2 audit/patching)


boklm:
    Last Week:
        - Worked some patches for:
            -  #24842 (debug builds are missing libasan.so.2 and
libubsan.so.0)
            - #18691 (switch Windows builds from precise to jessie)
            - #24879 (enable fetching of new commits by default for
nightly builds)
    This Week:
        - follow the fpcentral setup
        - make our testsuite run on nightly builds
        - look again at some improvements to our release signing scripts
(#24331)
        - review #23916 (Create a new MAR signing key for Tor Browser)
        - help with building of the new releases


igt0:
    Last Week:
        - PoC Tor Button for Mobile(basically, I moved the code to the
tor-browser.git and started to integrate with the Firefox build system).
        - Updates in the Tor Button proposal
        - Reading about how tor-android(
https://github.com/n8fr8/tor-android) works
    This Week:
        - Finish the PoC
        - Review sysrqb proposal
        - Updates to the tor button proposal


pospeselr:

        Last Week:

    - investigated more avenues regarding #15559 (Range requests used by
pdfjs are not isolated to URL bar domain); conclusion I've come to is
there no nice surgical fix here

    - pdf.js seems to require the nsISystemPrincipal for range-based
requests to work properly

    - the JS Context the range-requests run in are missing the original
principal and first-party domain information needed to be put on the
correct circuit

    - looks like the best that can be done is to just disable
range-based requests, but at the cost of pdf performance

    - will no longer be able to read pdfs as they load, the whole thing
has to be downloaded

    This Week:

    - it's easy enough to disable range-request, so will have a patch up
for this later today

    - will find some other (hopefully simpler) fingerprinting bug to work on


Georg


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20180116/11c388f1/attachment.sig>

More information about the tor-project mailing list