[tor-project] Tor Browser Team Meeting Notes, 16 March 2020

Matthew Finkel sysrqb at torproject.org
Mon Mar 30 17:31:08 UTC 2020 

Hello everyone,

We held a weekly meeting on 16 March, 2020. The meeting log is available
at
http://meetbot.debian.net/tor-meeting2/2020/tor-meeting2.2020-03-16-17.59.log.txt

During the meeting we discussed how Javascript should be handled and disabled
on the Safest security level.
 
================================
Week of March 16, 2020

Discussion:
    - Should we be using Trac’s merge_ready status for tickets for which review is complete? Who should change a ticket’s state to merge_ready?
    - Javascript configuration on Safest

pospeselr:

    Last week:

    - release note reviews (#33534)

    - windows update/platform documentation updates

    This week:

    - finish release note reviews (#33534)


GeKo:

    Last week:

    - not much done; a bit help with the JS bypass bug

    This week:

    - more design doc update (#25021)

    - test new mar signing key (#33173)

    - maybe working on reproducibility of lucetc (#33488)


mcs and brade:
    Last week:
        - Code reviews.
        - Reviewed the manual update instructions, etc. for the TB 9.5a7 release.
        - Replied to email query from Guardian Project people r.e. implementing Moat.
    This week/upcoming:
        - More code reviews, including rebased updater patches (#33533).
        - Respond to review comments in #19251 (onion services error page).
        - Revisit #30732 (“Your Firefox is critically out of date" banner).
        - Revisit #32418 (on every start TB complains that it can't update).
        - Investigate #29630 (TorBrowser creates empty directory in "/tmp”).

acat:
    Last week:
        - Reviews (#33482: Update about:tor donate string, #19251: TorBrowser might want to have an error page specific to when .onion links fail)
        - Made patch for #33342 (Disconnect search addon causes error at startup)
        - Revised #28005 (Officially support onions in HTTPS-Everywhere) to use securedrop testing update channel.
    This week:
        - Revise #21952 (Onion-location: increasing the use of onion services through automatic redirects and aliasing) to address review comments.
        - Whatever is most useful for Tor Browser ESR -> regular release migration (or Fenix):
            - Try to get a tor-browser-build for #33533 (Rebase Tor Browser esr68 patches on top of mozilla-central)
            - Take a look at fixing tests?
            - ...

sysrqb:
    Last week:
        - Released 9.5a7, 9.0.6, and 9.5a8
        - Investigated Javascript bug on Safest security level
    This week:
        - Close-out javascript bug
        - Release prep for 9.0.7 and 9.5a9
        - Respond to sisbell regarding Fenix questions
        - Look at acat's work with rebasing patches

boklm:
    Last week:
        - Tested updates in nightly builds: it seems to be working correctly
        - Opened upstream pull request for #33535 (Patch openssl to use SOURCE_DATE_EPOCH for copyright year)
        - Looked at possible workflow with quilt
        - Helped with new releases
        - Looked at blog comments
    This week:
        - Try to get rebased patches from #33533 building in tor-browser-build
        - Set branch for #25102 in needs_review (Add script to sign nightly build mar files, generate update-responses xml and publish the new version)
        - Work on testsuite setup
        - Work on setup of automatic rebasing of tor-browser patches on mozilla-central
        - Work on proposal for quilt workflow
        - Some reviews

Jeremy Rand:
    Last week:
        - Relayed some Namecoin feedback from Twitter and LinuxReviews to tor-talk.
        - Posted on r/Namecoin asking for more feedback, hopefully some more feedback will trickle in soon.
        - Hacked around with #32355 some more.
    This week:
        - Wait for more feedback on the Namecoin integration in Nightly.
        - Maybe hack around with #32355 some more.

sisbell:
   Last Week:
   - #33556: TBB for android-components -  After integrating with fenix build, I identified a number of unneeded Mozilla project dependencies and removed them. Various plugin fixes. Package artifacts as maven repo. Cleaned up patches. I also identified a couple of areas further of investigation.  
   - #33184: Support for fenix - various plugin fixes, removing of dependencies, now using android-component artifacts locally, learning build internals
   This Week:
  - #33184: Fenix - get complete build working (this will still use precompiled artifacts from Mozilla’s gecko view aar)
  - #33626: TBB for GeckoView - start setting this up so I can identify build dependencies for this (rust, clang). Open related issues.

pili:
    Last week:
        - trac triage
        - Browser team February report
    This week:
        - trac triage
        - Tor Browser release meeting
================================

Thanks,
Matt

More information about the tor-project mailing list