19:01:29 <isis> #startmeeting
19:01:29 <MeetBot> Meeting started Mon Nov 10 19:01:29 2014 UTC.  The chair is isis. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:01:29 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
19:01:36 <MarkSmith> There should be one....
19:01:40 <isis> YES I WIN
19:01:46 * sherief is around
19:02:03 <boklm> hello
19:02:16 <isis> hello all!
19:03:13 <isis> last week i did not do much because i got poisoned and started having an autoimmune reaction
19:03:36 <isis> the only thing useful that i did for TB stuff was review arthuredelstein's patch for #13671
19:03:54 <isis> ok, does someone else want to go next?
19:03:58 * MarkSmith Hopes you are better now!
19:04:00 <Yawning> *lurks*
19:04:11 <isis> MarkSmith: thanks, i think so!
19:05:18 <sherief> There is nothing to report at the help desk side. However, we need to create videos for TB and we can't do that without swapping helix's key #13677
19:06:53 <MarkSmith> I am not sure who can comment on the signing key issue other than mikeperry or GeKo....
19:07:13 <mikeperry> last week I tried to merge everything to release 4.5-alpha-1, but the circuit UI and a couple other things proved troublesome. I also gave a talk at Mozilla about reproducible builds on wednesday, and talked to them about their 10 year firefox anniversary this week
19:07:13 <sherief> yeah.. I had hoped that at least one will show up
19:07:20 <GeKo> I am here
19:07:23 <sherief> nice!
19:08:06 <mikeperry> this week I hope to get 4.5-alpha-1 finally packaged, and then write our year-end report.. or maybe in the other order, depending
19:09:02 <GeKo> sherief: #6540 won't definitely happen before we switch keys and #3861 probably neither.
19:09:24 <GeKo> err, will definitely not happen
19:09:38 <Yawning> mikeperry: aw I wanted to see the alpha soon-ish ;_;
19:10:21 <sherief> GeKo: Ok. We will create videos once the key switch happens
19:10:40 <sherief> the problem is that karsten didn't tell us when the videos are needed
19:10:52 <mikeperry> is the deadline december or june for those videos?
19:11:52 <sherief> We don't know. I will write karsten an email and answer in #13677
19:14:11 <Yawning> I caused trouble for the browser people by filing bugs about the circuit display. >.>
19:15:02 <mikeperry> yeah. that and some last minute backports delayed us
19:15:03 <Yawning> And I wrote or-ctl-filter in a moment of massive tinfoil hattery
19:15:09 <Yawning> sorry >.>
19:15:57 <GeKo> you don't need to be sorry for or-ctl-filter
19:16:25 <GeKo> here is what I did:
19:17:29 <GeKo> I provided feedback for the updated tor-browser spec
19:17:44 <GeKo> I backported and tested a fix for #13558
19:18:22 <GeKo> I tested/merged/and upstreamed two gitian-builder patches done by Lunar
19:18:37 <GeKo> I tried to get 4.5-alpha-1 in a releasable shape
19:18:45 <GeKo> I reviewed #13762
19:19:00 <GeKo> err #13672
19:19:51 <GeKo> I worked on LXC build issues and tested Lunar's patch + took a step at libgmp build issues (while I am at it)
19:19:59 <GeKo> #12238, #13588, #13055
19:20:23 <GeKo> and I looked at upstreaming Firefox build patches #13420
19:20:51 <GeKo> turned out 2 out of 3 are already fixed and I plan to write the missing one this week
19:21:58 <GeKo> Additionally, I want to implement security slider related feedback, get 4.5-alpha-1 out and land LXC build related patches.
19:22:02 <mikeperry> ok. I've noticed that boklm's tests still report hardening warnings. is that #13055, or are there other things too?
19:22:12 <GeKo> that's it for now.
19:22:35 <GeKo> there are other things, too, mainly #13056
19:22:56 <GeKo> and then there is PIE stuff due to Go
19:23:53 <mikeperry> I think the Go people are against hardening their runtime for strange reasons
19:24:40 <GeKo> yes
19:24:50 <mikeperry> apparently they don't believe in DiD. they think Go is magically safe from any form of exploitation (which I highly doubt)
19:25:29 <Yawning> ;_;
19:27:05 * MarkSmith can go next
19:27:19 <MarkSmith> Last week Kathy and I finished fixing #13594 (merged by Mike for 4.5-alpha-1).
19:27:27 <MarkSmith> We spent some time debugging update issues and reviewing the change boklm made to help address #13685.
19:27:36 <MarkSmith> We spent the rest of our time working on #13379.
19:27:45 <MarkSmith> The current status is that we have backported patches from three different Mozilla bugs and we are in the process of testing and fixing issues related to signed MAR verification.
19:28:00 <MarkSmith> The messiest code-related problem yet to be solved is shared library dependencies.
19:28:18 <MarkSmith> In TB 4.0.1, the updater only depends on system libraries (plus msvcr100.dll and libssp-0.dll on Windows).
19:28:26 <MarkSmith> But adding sig verification adds dependencies on NSS and NSPR libraries.
19:28:48 <MarkSmith> We will continue working on those issues this week.  That's all for now.
19:30:02 * boklm can go next
19:30:24 <boklm> Last week, I worked on a patch to address #13685 (Transition away from 32bit OS X), and started working on automatically rebasing tor-browser patches on gecko-dev master.
19:30:38 <boklm> I started doing what I described in this mail: https://lists.torproject.org/pipermail/tbb-dev/2014-November/000172.html
19:31:05 <boklm> which gives us an output page like this, with a list of rebased / not rebased commits: https://people.torproject.org/~boklm/tmp/tests/r/MkzWprrqJK/browser-rebase.html
19:31:33 <boklm> Currently, we have many patches that cannot be rebased automatically, although I did not try yet with -Xpatience.
19:32:21 <boklm> this week I plan to continue working on that
19:32:53 <boklm> that's it for me
19:34:38 <mikeperry> boklm: you might have more success if you exported the patches as git format-patch and used patch. it is less fussy than git, but also more likely to introduce mis-patching
19:35:14 <mikeperry> could use git format-patch with lots of context.. patch will allow some fuzz (mismatched lines)
19:35:49 <mikeperry> more patches might also survive if we continually rebased them from release to release?
19:36:33 <boklm> I think git should be able to apply more patches than patch, because it knows history
19:37:56 <mikeperry> it is way more sensitive to conflicts though. I think it allows 0 fuzz
19:38:19 <boklm> I can try to see what is the result with patch
19:38:22 <mikeperry> and of course, if you did patch, you'd have to have some goop to re-commit after each application (and also be sure to git add new files)
19:39:26 <boklm> I will also try with git and -Xpatience
19:40:21 <mikeperry> ok
19:41:33 <mikeperry> arthuredelstein: how goes the circuit UI?
19:42:08 <GeKo> see his mail to tbb-dev
19:42:17 <GeKo> he is probably not here today
19:43:25 <mikeperry> ah
19:44:30 <mikeperry> hrmm.. well I guess we need to decide what we want to do about #13671 and #13672 then
19:44:43 <mikeperry> wait, or release without them?
19:44:51 <mikeperry> or merge the partial work as-is?
19:44:58 <GeKo> without them, I'd
19:45:01 <GeKo> say
19:45:42 <MarkSmith> For an alpha, it seems OK to mention the issues in the release notes.
19:46:22 <MarkSmith> We just need to try to get adequate feedback.  How many 4.5 prereleases are planned (alpha, beta, …)?
19:46:35 <mikeperry> yeah. ok. does that mean we go with tor-browser-bundle commit f8c894726f58bbcde03bb204228d8fa8976c4b5b?
19:46:44 <mikeperry> I think I have that one built already
19:46:53 <mikeperry> f6ca2eeb0dbda5d99851732c256c05d6015258c1f0bb263e447a4e03b7e62dcb  4.5-alpha-1/sha256sums.txt
19:47:02 <GeKo> no
19:47:51 <mikeperry> oh, the pinning backport isn't in that
19:47:52 <GeKo> we need a tag for the updated cert pinning patch and then an update to the versions.alpha file
19:47:56 <GeKo> yes
19:48:31 <GeKo> and we need a torbutton update with updated locales for the preferencedialog
19:48:39 <GeKo> containing security slider related things
19:49:41 <isis> mikeperry: there's also a torbutton patch in #13504 which removes non-operational, non-public bridges from the bundle
19:50:07 <isis> or wait tor-browser-bundle.git patch
19:51:45 <mikeperry> ok, it looks like transifex gave me new DTD entities for the slider for our core locales
19:53:16 <mikeperry> ok, so then the plan will be to restart the build, rebuilding the browser and rebundling
19:53:20 <mikeperry> I will have tags up shortly
19:53:25 <Yawning> \o/
19:54:29 <isis> do we have an estimate on the number of pre-releases before 4.5 is production-ready?
19:55:14 <mikeperry> when it's ready...
19:55:27 <GeKo> and sooner if you help :)
19:55:55 <Yawning> "Soon(TM)"
19:56:06 <GeKo> yeah, that one
19:56:23 <mikeperry> I want mar signing and pinning to work.. those both may have surprise issues. we'll want to try at least one update after both of those are merged
19:57:11 <mikeperry> and mar signing is not going into 4.5-alpha-1, so I'd guess at least 2 more alphas before we can call it stable
19:57:18 <isis> hmm… it might help with planning and spacing out tasks and tickets, and knowing how many chances there will be to test a patch set, and stuff and things like that, if there were even an arbitrary number of prereleases
19:57:18 <MarkSmith> right
19:57:26 <MarkSmith> (>= 2 more releases)
19:57:46 <isis> ok, arbitrary number is >=2. that works. :)
19:58:09 <MarkSmith> stuff that we want for 4.5 should be merged as soon as it is ready, once alpha-1 is out the door
19:58:28 <MarkSmith> e.g., #13504
19:59:18 <isis> that one's an easy review and merge, it can go in anytime. no rush.
19:59:37 <isis> err, anytime as long as it makes it into the next stable, please.
20:00:28 <isis> actually, i have a BridgeDB ticket to file concerning the TB default bridges…
20:01:51 <mikeperry> ok, I pushed the versions file update to origin/master in tor-browser-bundle
20:01:55 <mikeperry> and also updated the changelog
20:03:34 <mikeperry> anything else for the meeting? if everyone likes 9495a912a89f4dd17fd04231da21d39cc928742d I will start building right afterwards
20:04:21 <GeKo> looks good to me
20:05:39 <mikeperry> ok, I am starting the build with make clean-browser && make prep-alpha && make build-alpha
20:05:54 <mikeperry> I think we're also done for the meeting today
20:06:01 <isis> do i get to baf or you?
20:06:11 <mikeperry> isis: you have to #endmeeting because you're a jerk and a meeting stealer
20:06:35 <isis> i know! but *you* have to baf because i didn't steal your e-gavel
20:06:54 <mikeperry> sigh
20:06:57 <mikeperry> *baf*
20:07:01 <isis> :D
20:07:04 <isis> #endmeeting