18:02:09 <mikeperry> #startmeeting tbb-dev
18:02:09 <MeetBot> Meeting started Mon Oct 26 18:02:09 2015 UTC.  The chair is mikeperry. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:02:09 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
18:02:23 <mikeperry> ok, let's get started!
18:02:32 <mikeperry> Last week, I spent most of the week discussing the ED search, attending a conference and travelling.
18:02:38 <mikeperry> This week, I am working on setting up a build+signing machine. I may help with code reviews for Tuesday's release. Please tag stuff that you think I should look at with MikePerry201510R. Otherwise I may pick randomly from https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~TorBrowserTeam201510R
18:03:00 <mikeperry> Next week, we will have 5.0.5/5.5a5 (on Tuesday). We should code freeze that by Thursday at the latest. I will also be travelling on Friday, so I may again have limited availability/bandwidth.
18:04:04 <mikeperry> Apple verified our org account, but we still have a couple steps before we get a cert. not clear if that will happen in time for the release. In any case, at best, we're likely to only make test builds with mac sigs. it seems unlikely that we'll be able to release those on Tuesday :/
18:04:32 <mikeperry> but we should have everything in place to do mac signing more smoothly, and also to sign arbitrary test builds more easily
18:04:44 <mikeperry> that's it for me
18:06:44 <GeKo> here is what i did
18:06:53 <GeKo> I worked on #17406 and #10599 + #17305
18:06:54 <GeKo> I looked a bit at #16620
18:07:17 <GeKo> i got a bunch of my mail backlog done
18:07:51 <GeKo> and took care that the nightly builds are running smoothly again (thanks to ln5)
18:08:27 <GeKo> this week, i'll try to get the hardened builds into a relasable shape
18:08:39 <GeKo> i think this adds to the pile of things to releases next week
18:09:09 <GeKo> and i'll try helping to get the remaining bits for the year one deadline done
18:09:14 <GeKo> in case there are any
18:09:21 <GeKo> that's it for me
18:13:11 * mcs will go next
18:13:21 <mcs> This past week, Kathy and I created a revised patch for #12967 (merged by GeKo -- thanks!)
18:13:27 <mcs> We also participated in various discussions related to multilingual Tor Browser packages (e.g., see #17305, #17400).
18:13:34 <mcs> But mainly we worked on tests and a new patch for #16620.
18:13:41 <mcs> This week we plan to finish the patch for #16620 and some mochitests as well.
18:13:46 <mcs> Time permitting, we will review the patch for #9659 and then look at #16940 and #17313.
18:13:51 <mcs> That's all for us.
18:16:02 * boklm can go next
18:16:06 <boklm> This past week I made some improvements on Tor Messenger build process and started investigated some OSX and Windows reproducibilty issues (#10942), and helped on #17305
18:16:10 <boklm> This week I'm planning to fix the nightly testsuite runs, help on #17305, do some marionette tests, post an update on Mozilla Try results on the split branches repo
18:16:26 <boklm> That's all for me.
18:17:15 <GeKo> boklm: how good are we for the year one deadline wrt to the testing stuff?
18:17:26 <GeKo> s/to//
18:17:33 <GeKo> what is still missing?
18:18:50 <boklm> I think we are good.
18:20:04 <boklm> I will check what are the results on the latest nightlies and fix any test if need
18:20:10 <GeKo> ok, cool
18:20:44 * arthuredelstein can go
18:20:55 <arthuredelstein> This week I filed a couple of bugs on possible new fingerprinting attacks: #17412 and #17423.
18:21:02 <arthuredelstein> I did some experiments while reviewing #16620
18:21:05 <arthuredelstein> I wrote a patch for #17250
18:21:14 <arthuredelstein> And I opened several tickets on bugzilla.mozilla.org and updated our list of patches on huseby's spreadsheet.
18:21:19 <arthuredelstein> I believe all of our tor-browser.git patches are now accounted for on the list.
18:21:26 <arthuredelstein> I then rebased several of our patches to mozilla-central and submitted them for review.
18:21:37 <arthuredelstein> Already I've gotten helpful feedback on the majority of those, so this week I'll focus on editing those patches and resubmitting them for review, as well as submitting any other patches that are tractable.
18:21:42 <arthuredelstein> And I'll look further at any changes we can make for #17250.
18:22:06 <arthuredelstein> That's it for me
18:22:48 <huseby> (thanks arthuredelstein)
18:22:54 * huseby can go
18:23:21 <huseby> so I spent last week fixing up callsites to createCodebasePrincipal to support the contextual identities
18:23:44 <huseby> https://bugzilla.mozilla.org/show_bug.cgi?id=1197283
18:24:00 <huseby> I'm uploading my patches here this morning: https://bugzilla.mozilla.org/show_bug.cgi?id=1218479
18:24:24 <huseby> so I said last week that I'd determine if the origin attributes and contextual identities is good enough for the isolation
18:24:27 <huseby> I'm 99% sure it is
18:24:34 <huseby> but
18:25:05 <huseby> in the interest of expediency, I'm going to continue with the old plan of rewriting the ThirdPartyUtil to use origin attributes.
18:25:26 <huseby> this is largely because the ThirdPartyUtils is a nice abstraction that everything else is already using
18:25:37 <huseby> plus it allows us to expose the URL bar source of truth to add-ons cleanly
18:25:42 <huseby> liek the Tor Button
18:26:03 <huseby> so I'm submitting all of my contextual identities patches today
18:26:04 <GeKo> yeah, sounds good
18:26:17 <huseby> and then will get back to the origin attributes and Third Party Util rewrite
18:26:46 <huseby> I also got "Make a plan for a VPN/Proxy management framework in Firefox" into my quarterly goals
18:27:10 <huseby> I've had several internal meetings on this subject and there seems to be general support for the idea
18:27:30 <huseby> so my next step is to put together a document with the requirements and possible solutions
18:27:50 <huseby> then arrange for a meeting with y'all and mullvad peeps to discuss the possibility of moving forward together
18:28:37 <huseby> ideally, the solution would make the tor launcher unnecessary and mullvad would be able to easily drop in their openvpn client and firefox will become the browser of choice for vpn providers :)
18:28:50 <huseby> so expect more discussions along these lines in the near future
18:28:59 <huseby> and then there is the ESR fork in December
18:29:02 <huseby> :)
18:29:07 <huseby> that's it for me.
18:33:09 <mikeperry> huseby: so you are still talking with the mullvad folks? they emailed me, but I have not heard back from them since then
18:39:49 <huseby> mikeperry: I haven't spoken to them since Berlin
18:39:59 <mikeperry> kk, same
18:40:00 <huseby> I was planning on putting together the doc and then reach out
18:40:13 <huseby> maybe I should email them just to let them know we haven't forgotten about them
18:40:24 <mikeperry> they emailed me once and have't heard from them since. maybe I am hitting their spam filter? who knows
18:40:27 <GeKo> i think the doc
18:40:40 <GeKo> is fine and then reaching out
18:41:41 <GeKo> s/the/having a/
18:46:25 <mikeperry> ok. are we done then? and early?
18:48:32 <mikeperry> (yes othermike, yes we are).
18:48:37 <mcs> :)
18:48:40 <mikeperry> #endmeeting *baf*