#tor-dev log

17:59:41 <GeKo> #startmeeting tor browser
17:59:41 <MeetBot> Meeting started Mon Apr  4 17:59:41 2016 UTC.  The chair is GeKo. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:59:41 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
17:59:53 <GeKo> hi everybody to another tor browser meeting
18:00:13 * isabela lurking
18:00:16 <isabela> :)
18:00:19 <mcs> hi
18:00:24 <GeKo> i guess i could go first this time
18:00:27 <GeKo> hi
18:00:40 <GeKo> last qeek was quite busy for me in three areas:
18:00:53 <GeKo> 1) I worked on our toolchains especially on #18331
18:01:22 <GeKo> i think we might have some reasonable options for that one and i was almost tempted to fix #9711 finally
18:01:40 <GeKo> but i dragged me out of it to refocus on other more important stuff
18:02:02 <GeKo> we still might get that fix as i asked Ray Donnelly to help me with the final puzzling bits
18:02:24 <GeKo> 2) I reviewed and landed the changes for the os x signing (#13252)
18:02:48 <GeKo> we have nightlies with that code yet but i was unable to get that beast signed so far :(
18:03:08 <GeKo> 3) i spent almost 2 days reviewing all non mcs/brade commits for #15197
18:03:40 <GeKo> i think we are not in bad shape and i hope we finally switch to esr45 in our nightly builds this week
18:04:01 <mcs> GeKo: Let me know if there is anything I can do to help with Mac code signing.
18:04:06 <GeKo> for this week i plan to work further on the code signing bits
18:04:33 <GeKo> mcs: yes, that would be neat. i guess we should chat tomorrow if that fits somehow in your schedule
18:04:51 <GeKo> then i hope to get our nightly switched to esr45
18:04:52 <mcs> GeKo: Yes, I should be around.
18:05:08 <GeKo> and i plan to work on tbb-6.0a5 issues
18:05:13 <GeKo> that's it for me for now
18:05:54 <GeKo> oh, and there is the usual begin-of-month-tor-browser-tream-admin stuff to do
18:06:00 <GeKo> *team even
18:06:07 <GeKo> and no dream
18:07:31 <mikeperry> I have a pile of review notes which I will be adding to #18546. I'm still not done with all of the XPCOM stuff, but it is lower risk, and I have found stuff that could use either a second set of eyes, and/or defense-in-depth patching and pref verification. most of it is on the android side, or at least should be in theory.
18:07:57 <GeKo> ok
18:08:10 <mikeperry> I will add those notes today, even though they are partial, so people can start looking into stuff before waiting for me to finish everything
18:08:28 <GeKo> thanks, sounds like a good plan
18:08:58 * mcs is beginning to realize how much stuff the Mozilla engineers touched between 38 and 45
18:08:59 <mikeperry> that's it for me! :)
18:09:23 <mikeperry> (unless I am needed for other stuff, like help with getting a new cert for osx signing or something)
18:10:04 * mcs will give a report next
18:10:09 <mcs> Last week, Kathy and I reviewed a couple of ESR45 patches: #18631 and #18632.
18:10:16 <mcs> We also worked on a few ESR45 tickets: #15640, #18599, #18602.
18:10:27 <mcs> A quick comment on #18602: SVG favicons are not blocked by our current patch and it is even possible sometimes to load SVG favicons in the ESR38-based Tor Browser.
18:10:34 <mcs> Discovering this was slightly alarming and we are working on a fix.
18:10:38 <GeKo> uh oh
18:11:02 <mcs> (the fix Mozilla made makes them work reliably but they kind of worked before; who knew?)
18:11:17 <mcs> Last week we also revised our fix up patch for #13252 based on feedback from GeKo and arthuredelstein. Thanks for your reviews.
18:11:24 <mcs> This week we plan to continue to work on #18602 and also review the mcs/brade patches that arthuredelstein rebased for ESR45.
18:11:32 <mcs> Then we will look at other ESR45 issues and also be ready to help with any #13252 follow up issues.
18:11:37 <mcs> That’s all for us.
18:12:09 <GeKo> thanks. could you set the esr45 rebase review on top of your ToDo list?
18:12:46 <GeKo> i'd like to have that branch asap in our nightly builds given that we basically have less than two weeks for the next release
18:13:01 <GeKo> and we might want to shake out bugs we find with our nightliy builds
18:13:21 <mcs> OK. Makes sense. I know the SVG patch needs tweaking even without worrying about the favicon issue.
18:13:36 <GeKo> ok, thanks
18:15:23 * boklm will go next
18:15:32 <boklm> This past week I set up the nightly testsuite on OSX, and fixed it for the layout changes from #13252
18:15:39 <boklm> I converted some marionette tests and looked at #18629
18:15:48 <boklm> This week I'm planning to work on #16009 and review #18331
18:15:57 <boklm> That's it for me
18:16:30 <GeKo> do we get a similar testing report for os x tests now?
18:16:35 <boklm> yes
18:16:41 <GeKo> neat
18:16:51 <GeKo> oh, i could need a review from you for #18331
18:17:06 <GeKo> and, you mentioned it already
18:17:09 <GeKo> *ah
18:17:10 <GeKo> nvm
18:17:14 <GeKo> thanks
18:18:17 <qbi> n8fr8: Thanks.
18:18:18 <GeKo> we probably won't have an arthuredelstein here today but who else want to share some update?
18:18:26 <GeKo> *wants
18:20:31 <n8fr8> amoghbl1: are you around? (we/he has an orfox update)
18:20:52 * huseby is here
18:21:17 * huseby can go
18:21:28 <huseby> so last week we saw a number of origin attributes bugs get landed
18:21:32 <huseby> we're making good progress
18:22:14 <huseby> i have started in on going through all of the TBB isolation unit tests and identifying exactly what they test so that we can write an equivilent one for origin attributes
18:23:02 <huseby> the goal is to track provenance on the isolation tests so that once origin attributes is done, we can prove that it provides as good, or better, isolation as the third party utils method
18:23:53 <GeKo> i saw you created 1260929. is that the meta bug that tracks all of this?
18:25:00 <huseby> i also started a bug https://bgz.la/1260931 for adding the first party isolation preference and adding the firstPartyUri origin attribute
18:25:16 <huseby> GeKo: yes, 1260929 is tracking everything IIRC
18:25:37 <GeKo> okay, good.
18:25:45 <huseby> GeKo: that meta bug is tracking all of the tor patch cherry picking
18:26:07 <huseby> so basically everything except the origin attributes bugs, which collectively replace the ThirdPartyUtils patch
18:26:31 <huseby> i now have three more engineers in the Taipei office helping with with everything
18:26:42 <huseby> so expect patch landing to accelerate
18:26:54 <huseby> this week, i'm going to finish creating bugs for all of the isolation tests
18:27:03 <huseby> and i'm going to create bugs for the image cache isolation with origin attributes
18:27:12 <huseby> and land a few more origin attribute fixup bugs
18:27:31 <huseby> next week, I'll be in Taipei for a week-long hack-a-thon with the taipei office engineers
18:27:42 <GeKo> sounds great. let us know if you need something from us or find some issues with our patches
18:27:46 <huseby> so i may miss the standup
18:27:54 <huseby> GeKo: roger that
18:27:57 <huseby> that's it for me
18:28:00 * huseby fin
18:29:40 <n8fr8> I will briefly report on amoghbl1 behalf that we have a stable build for orfox based on tor-browser-38.5.0esr-5.5-2 branch
18:30:19 <n8fr8> thanks to help from some mozilla folk we backported a necessary Android patch to fix a crash
18:30:54 <n8fr8> we are going to test and ship this week, and then move to 38.7.1esr, etc
18:31:05 <GeKo> do you have plans for switching to esr45?
18:31:26 <n8fr8> otherwise, amoghbl1 has a solid proposal in for GSoC (you can do it twice) when we can tackle the next significant set of work
18:31:43 <GeKo> aha, good to hear
18:32:43 <n8fr8> I think that is all I will report for now, but expect more in the coming days
18:33:32 <huseby> n8fr8: is that the protected security bug i'm tracking?
18:34:36 <n8fr8> This was the primary blocker it seems for this build: https://github.com/amoghbl1/tor-browser/commit/c18118104f9da3391729bcd9edd6627f530bbe3b
18:34:53 <n8fr8> though I think there are others for the newer esr work
18:38:00 <GeKo> alright, do we have some topic for discussion today?
18:39:29 <n8fr8> If you are interested in what amoghbl1 is proposing for GSoC, you can find it here: https://people.torproject.org/~amoghbl1/GSoC_2016.pdf
18:40:02 <GeKo> n8fr8: before i forget it https://hal.inria.fr/hal-01285470/file/beauty-sp16.pdf might be of interest for you. the mobile part was especially interesting to read
18:40:23 <n8fr8> ty
18:42:08 <GeKo> ok. thanks everybody for attending and let's get back to get a eesr45-based Tor Browser into a releasable shape *baf*
18:42:12 <GeKo> #endmeeting