18:59:55 #startmeeting tbb-dev 18:59:55 Meeting started Mon Jan 4 18:59:55 2016 UTC. The chair is GeKo. Information about MeetBot at http://wiki.debian.org/MeetBot. 18:59:55 Useful Commands: #action #agreed #help #info #idea #link #topic. 19:00:11 hi everyone 19:00:15 hi 19:00:17 hi everyone! a happy new year and welcome to the first meeting 2016 19:00:25 Happy New Year! 19:00:34 Happy New Year! 19:00:43 Live long and proposer in 2016 ! 19:01:11 i'll start with a small overview about what i did in the past two weeks. 19:01:39 i managed to take some days off (althought i almost failed due to #17931) 19:02:27 i kept a close eye on the blog comments until christmas and filed tickets for issues that showed up 19:02:37 i wrote a small patch for #17851 19:02:56 and i spent time with tbb team admin things 19:03:35 * isabela is around too :) 19:03:48 this week we want to make a bugfix release for the crash bug and i plan to do all the reporting work that happens with every new month 19:04:04 + i'll update the tickets etc. 19:04:29 I hope to get back to the things that still have my december tag. 19:04:34 that's it for me. 19:04:48 is nickm afk ? 19:05:23 dunno but he is usually not around the tor browser meeting 19:07:36 * arthuredelstein can go 19:08:01 First I want to apologize to everyone here for the bug in #17931. It was my bad mistake and I'm sorry. 19:08:11 Since the last meeting, I wrote a patch for #17790. And I worked on #17931. 19:08:25 I helped amoghbl1 with rebasing to the latest tor-browser.git branch. 19:08:36 I did some investigation of #16096. 19:08:40 This week, I will help with anything related to #17931 or the bugfix release. 19:08:58 Also I would like to work on HSTS/HPKP isolation (#6458 / #17965), unless someone has already started on it. 19:09:19 That's it for me. 19:10:13 that's fine (re HSTS/HPKP). i guess starting with HPKP and seeing how it goes might be a good thing 19:11:31 Are we going to try to get the new isolation work done in time TB 5.5? 19:11:33 I skimmed both HSTS and HPKP and they looked quite similar. But I'll start with HPKP first. 19:11:41 in time *for* TB 5.5 19:11:44 ? 19:12:07 i think having an alpha first at last to shake out bugs ans see how it works seems wise 19:12:22 OK. I agree. 19:12:31 so, this is probably something for 6.0 if we still think 5.5 will get out in three weeks 19:12:55 * mcs will give a quick report 19:13:07 Since the last TB dev meeting, Kathy and I reviewed a fix for #17931. 19:13:12 We spent a little time on #17858. 19:13:17 We triaged some bugs. 19:13:22 This week we will work on #13252. 19:13:26 That’s all for now. 19:14:17 mcs: fwiw if you want to grab #17858, please do it. I fear it won't bubble up on my toDo list anytime soon 19:14:26 *ToDO 19:14:34 ha, *ToDo 19:14:45 OK. The new year is starting with a lot for everyone to do ;) 19:14:57 indeed 19:16:05 * boklm can go next 19:16:14 In the past two weeks I was mostly offline. This week I'm planning to improve the testsuite Windows setup process, and help with the bugfix release. 19:16:18 That's it for me. 19:19:22 alright, anyone else here for a status update? 19:20:28 then i have two items on my discussion list: the bugfix release and tbb 5.5 19:20:54 regarding the former: arthur could you make a revised patch for it? 19:21:20 ("it" being #17931) 19:22:17 (sorry to interrupt) when the Tor Browser releases are being built, do the builds pull directly from the translation branches? Or does the Tor Browser snapshot the strings somewhere in its own repo? I'm guessing it must be the second one, but I cant seem to locate where. Could anyone point at it? 19:23:00 boklm: how does your build setup look like? do you have one tor-browser-bundle checkout and do you clean everything between stable/alpha/hardened builds? 19:23:05 (just now realizing this is a meeting, ignore me until after) 19:24:16 GeKo: I used to have only one checkout, but it was a problem for the previous release, so I'll use one checkout for each branch 19:24:51 (for the next) 19:25:11 yeah, that's what i would recommend. i have one branch for stable, one for alpha and one for hardened and one where i do dev things 19:25:13 ok. 19:25:55 you could start building the current releases meanwhile until we have the new one ready to get built 19:26:24 that way it'll reduce the build time for the bugfix release considerably i guess 19:26:42 ok, good idea 19:27:11 GeKo: I'm working on the revised patch and will have it ready soon. 19:27:22 okay, thanks. 19:27:42 so, tbb-5.5 19:29:53 i guess the only things we want to keep out is #14429 and #12967 + related thigns 19:29:54 *things 19:31:30 * huseby can go 19:31:38 hey, sorry for being a little late 19:31:46 hey, no worries 19:31:51 so the origin attributes work is moving along niceley 19:32:07 i've got a spreadsheet for all of the callsites for the principal creation functions: 19:32:09 https://docs.google.com/spreadsheets/d/1MzKb8Bodhp3JhqpLArpnVqT4hkV-e1owXyM_yBZKlOs/edit?usp=sharing 19:32:18 we've got some patches out already 19:32:22 most of the fixup is trivial 19:32:32 i'm working full time on this 19:32:41 this will eliminate the need for the TPU patches 19:33:22 when it's all done 19:33:30 i will be able to move on to the isolation patches 19:33:41 refactoring them to use the new origin attributes for isolation 19:34:02 i'd like to flag some of you for extra review on the bugzilla bugs 19:34:13 i'll be poking you here probably when the time comes 19:34:30 i'm also investigating a 3rd party proxy management system 19:34:57 no guarantees of course, but we're looking at it 19:35:06 cool! 19:35:49 also, at some point we need to make sure that the new stuff being done around add-ons/web extensions doesn't break tor button/tor launcher 19:35:57 has anybody looked at that yet? 19:36:21 i've only been tangentially involved because i'm mostly heads down on origin attributes right now 19:36:34 that's it for me 19:36:42 brade and I looked at the Web Extensions APIs and what is lacking in order to reimplement Tor Launcher. Let me find the trac ticket. 19:36:58 #17248 19:37:01 awesome 19:37:08 What GeKo said ;) 19:37:17 there is a whole lot of input for you, huseby 19:37:20 :) 19:37:39 thanks! 19:37:46 It would be a lot better for us if we did not have to reimplement of course but I am not sure we will have a choice in the long run. 19:37:54 i'll bring it up in the platform security meeting tomorrow 19:38:15 Thanks! 19:38:16 mcs: no guarantees, but mozilla is definitely responsive to your concerns 19:38:32 i'm advocating for the tor browser/project internally 19:38:39 (it's kind of my job :) 19:39:02 thanks for that great feedback 19:39:50 hrm...i was cc'd on that trac, i wonder why i didn't see that 19:39:55 * huseby debugs the email tubes 19:40:49 okay, back to tbb-5.5 planning. 19:40:52 arthuredelstein: i'm reading your e10s isolation email and will respond shortly 19:41:01 * huseby is done 19:41:20 oh, while we are at it, there will be no e10s in fx45 it seems 19:42:34 AFAICT, that's true 19:42:37 but don't quote me on that 19:42:40 i can find out if you want 19:42:45 which means much less work for us but sadly no content sandboxing either :( 19:43:04 i read dev-platform and there it is "announced" 19:43:14 GeKo: but 52 is hopefully going to be a HUGE improvement in a lot of ways 19:43:32 yeah, that's true 19:43:56 anyway... 19:44:38 arthuredelstein: could you generate some data points on how the font fingerprinting defense fares against dcf's fingerprinting technique? 19:45:33 this should give us some hint where we are with out current approach and whether it is smart to have in tbb-5.5 19:53:24 okay, anything else to discuss (tbb-5.5 or a different topic)? 19:56:21 thanks for the meeting then. if you think we have more bugs we need to get fixed for tbb-5.5, please add the respective keyword. 19:56:24 *baf* 19:56:27 #endmeeting