19:00:28 <GeKo> #startmeeting tor-browser
19:00:28 <MeetBot> Meeting started Mon Nov 14 19:00:28 2016 UTC.  The chair is GeKo. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:00:28 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
19:00:32 <GeKo> hi all!
19:00:36 <boklm> hi!
19:00:38 <arthuredelstein> hi everyone!
19:00:54 <GeKo> let's start with the usual status updates
19:00:59 <GeKo> who wants to go first today?
19:01:18 * boklm can go
19:01:29 <boklm> This past week I fixed #20439, #20186, #20612 and started some patches for #20556 and #20660
19:01:43 <boklm> I helped build the new releases and started the signing process for the alpha (and planning to finish it tomorrow)
19:01:54 <boklm> This week I'm planning to help publishing the new releases of Tor Browser, then Tor Messenger, do #20626,
19:02:06 <boklm> test #20660, make a new release of the testsuite bundle, and start working on #17380
19:02:17 <boklm> That's it for me
19:04:42 * GeKo can go
19:04:57 <GeKo> i was mainly focused on getting the releases in shape
19:05:05 <GeKo> thanks to all who helped
19:05:16 <GeKo> we hit more fun issues than usual
19:05:48 <GeKo> but still it  seems we will have bundles for tomorrow/wednesday
19:06:18 <GeKo> then i worked on the mozilla roadmap to get our priorities in
19:06:36 <GeKo> the plan is to focus on upstreaming fingerprinting bugs
19:07:17 <GeKo> then we hope to get the prio for mingw-w64 builds bumped because dealing with that steals lots of our time
19:07:28 <GeKo> (even thought jacek is doing all the hard work usually)
19:07:53 <GeKo> *though
19:09:14 <GeKo> additionally getting other teams within mozilla to take our needs into account is important as well
19:09:35 <mcs> The Mozilla stuff all sounds good to me.
19:09:51 <GeKo> like getting the DOM team to put have prefs for new features (to disable them if necessary)
19:10:15 <GeKo> or the ContentSec team to ensure new features respect first party isolation
19:10:16 <GeKo> etc.
19:10:29 <GeKo> i am actually quite excited and we'll see how it  goes
19:11:12 <GeKo> then i worked on #20352 but am not done with it yet
19:11:59 <GeKo> this week i plan to help with the releases and resume working on #20352 + testing the sandboxed tor browser as good as i can to find bugs we want to fix before the next release
19:12:09 <GeKo> that's it for me
19:13:01 * mcs will go next
19:13:06 <mcs> Last week, Kathy and I reviewed the backported Firefox ESR 45.5 updater changes and contributed a “fixup.”
19:13:12 <mcs> We did our best to test the updater that will ship inside Tor Browser 6.0.6.
19:13:17 <mcs> Also, we tested #19067 on OSX and were able to run the test suite (good stuff).
19:13:24 <mcs> We do have some setup-related feedback for boklm which we will post to the ticket soon.
19:13:30 <mcs> We also reviewed several patches and spent a little time on OS X sandboxing (#20121).
19:13:35 <mcs> We will get back into the sandboxing work this week and also help with any TB 6.0.6 or 6.5a4 issues that come up.
19:13:40 <mcs> That’s all for us.
19:14:00 <GeKo> mcs: so, you think we are good with respect to the updater, right?
19:14:00 * arthuredelstein can go
19:14:23 <mcs> GeKo: Yes, the updater seems to be OK. Nice work with the messy backport!
19:14:37 <GeKo> well, you did the hard part ;)
19:14:48 <GeKo> (i.e. writing the follow-up patch)
19:14:56 <GeKo> + brade
19:15:34 <mcs> We did not do any testing of the alpha but the updater code is the same on the two branches, so we should be okay.
19:15:43 <mcs> no problem.
19:15:49 <GeKo> cool
19:16:27 <mcs> arthuredelstein: go when you are ready
19:16:35 <arthuredelstein> This week I posted patches for #20614 and #16622,
19:16:41 <arthuredelstein> and revised patches for #19459, #20414
19:16:46 <arthuredelstein> and #20347.
19:16:50 <arthuredelstein> I attended Mozilla's uplift meeting.
19:16:58 <arthuredelstein> I also proposed #20628 and #20639.
19:17:04 <arthuredelstein> This week I will be working on #10281 (the memory allocator).
19:17:12 <arthuredelstein> That's it for me.
19:19:03 <GeKo> thanks.
19:19:20 <GeKo> is anybody else here for the status update?
19:20:11 <Synzvato> Hi, yes
19:20:33 <GeKo> hi!
19:20:46 <arlolra> tor messenger release ready for tuesday/wednesday, or whenever tb goes out
19:22:10 <Synzvato> Cool
19:22:51 <GeKo> Synzvato: where are you with your work? any issues we can help with?
19:23:58 <Synzvato> I'm not sure how many of you know me, since I'm pretty new
19:24:00 <Synzvato> But I'm currently working on the security slider for Orfox
19:24:13 <Synzvato> GeKo: I have been exploring the codebase and related issues
19:24:41 <Synzvato> I'm almost done with setting up a dedicated GitLab node
19:25:25 <arthuredelstein> Synzvato: Hi, nice to meet you!
19:25:52 <arthuredelstein> I recently made some security slider revisions -- glad to chat about it if that will help.
19:27:05 <GeKo> thanks, as arthur said let us know if we can help with things
19:27:09 <Synzvato> Had some build issues on my distro, so I had to containerize the build tools
19:27:35 <Synzvato> arthuredelstein: Hi, likewise!
19:28:38 <GeKo> okay, let's move on to the dicussion part
19:28:48 <GeKo> do we have items for that one today?
19:29:36 <arthuredelstein> GeKo: Regarding uplift, it just occurred to me
19:29:54 <arthuredelstein> that maybe we should be encouraging the Mozilla folks to keep going with first party isolation now
19:30:05 <arthuredelstein> even if that means a slight delay to fingerprinting
19:30:14 <GeKo> i am fine with that
19:30:17 <arthuredelstein> because they are making such good progress and there are several loose ends
19:30:23 <GeKo> yeah
19:30:48 <GeKo> it might fit to the idea to start with the fingerprinting problems with the highest entropy first
19:31:09 <GeKo> without trying to "fix" every fingerprinting vector
19:31:20 <GeKo> within the next half year
19:31:24 <arthuredelstein> Yes, I agree with that.
19:32:18 <GeKo> it occurred to me the mozilla folks were thinking they were basically done with the first party isolation
19:32:30 <GeKo> and should move on to the fingerprinting part
19:32:53 <arthuredelstein> They are done with the uplift part.
19:33:08 <arthuredelstein> But for FPI things we haven't implemented, it would be great to have their help
19:33:21 <GeKo> indeed
19:33:23 <arthuredelstein> And they really know what they're doing.
19:33:32 <GeKo> but that might be their call. dunno
19:33:37 <Synzvato> arthuredelstein: Sounds great, it would be nice to hear about your first hand experiences. Will ping you then!
19:33:45 <Synzvato> GeKo: Will do!
19:33:57 <arthuredelstein> GeKo: Definitely it's their call. But I think mostly it meshes with their container goals anyhow.
19:34:14 <GeKo> arthuredelstein: if that's the case, cool
19:34:23 <arthuredelstein> O
19:34:39 <arthuredelstein> Typo. I'll ask Ethan what he thinks.
19:34:57 <GeKo> okay.
19:35:03 <arthuredelstein> Synzvato: Great, anytime.
19:35:29 <arthuredelstein> Another discussion topic might be the Tor Browser manual.
19:35:48 <arthuredelstein> But I don't mean to dominate if there are other subjects. :)
19:36:54 <GeKo> i don't have any today, so fine with me
19:36:58 <arthuredelstein> So I wrote a small patch to link to the online version of the manual.
19:37:15 <arthuredelstein> I figured that's a good stopgap while we ponder how to bundle it.
19:37:36 <arthuredelstein> And I read over the tbb-dev mailing list discussion about PDF vs HTML.
19:37:57 <GeKo> arthuredelstein: i agree with the good stopgap thing
19:38:04 <arthuredelstein> There were concerns expressed about proxy bypass if we show an HTML page.
19:38:20 <arthuredelstein> (before tor launcher finishes).
19:38:35 <atagar> meejah: Ahhh, neat! Didn't know they had a new site. That'll be fun to look into later. I was wondering why their bug tracker said 'legacy'. :)
19:38:57 <arthuredelstein> But given that we have all the proxy pref settings by default (SOCKS, etc.), is there any danger of that happening?
19:41:39 <GeKo> hm. so how would shipping the HTML files look like?
19:42:17 <arthuredelstein> Maybe as about: pages? So zipped into the xpi perhaps.
19:42:23 <arthuredelstein> an xpi
19:43:48 <mcs> We would need to show them in a viewer window of some kind (probably a XUL window that is not a navigator:browser window).
19:43:54 <arthuredelstein> I guess we would just clone the git at bundle time, build it, and then copy the files into the right place.
19:44:06 <arthuredelstein> mcs: What would be wrong with a navigator:browser window?
19:44:43 <arthuredelstein> I mean, I guess maybe you want to hide the URL bar and toolbars.
19:45:07 <arthuredelstein> If we haven't launched tor yet.
19:45:18 <mcs> Once you open a browser window, Torbutton and other extensions will start to do more things including things that rely on the network being present/ready. I think.
19:45:48 <arthuredelstein> I see what you mean. That's a good point
19:46:04 <mcs> Experimentation required I guess, but I think there will be some issues. Should be solveable somhow though.
19:46:08 <mcs> somehow
19:46:38 <GeKo> an other item that bothers me in general with shipping the manual is how to make sure the help files are up-to-date
19:46:44 <arthuredelstein> So maybe a XUL window with a browser widget inside.
19:46:56 <GeKo> i don't want to ship outdated information
19:47:39 <arthuredelstein> I guess the other alternative is to show some kind of launcher-specific help text to help users connect.
19:47:56 <arthuredelstein> Then you could leave the main manual online.
19:48:10 <GeKo> like we need a process to have the manual with all relevant features of version x ready for inclusion in tor browser x
19:49:21 <GeKo> i guess we should grab some ux folks to get their input here as well
19:49:46 <arthuredelstein> It might be nice to have an "alpha" version of the manual
19:49:59 <GeKo> that one, too
19:50:00 <arthuredelstein> so that as we add features to the alpha, we can edit the manual at the same time
19:50:28 <arthuredelstein> then when alpha browser becomes stable, so does the alpha manual.
19:51:49 <GeKo> sounds good to me
19:52:16 <GeKo> (although i suspect we need to update the manual in the stable releases, too, between major releases)
19:52:45 <arthuredelstein> I agree.
19:52:57 <GeKo> i think we should revive the discussion in #11698
19:53:25 <mcs> It sounds like we have some technical things as well as some process things to work out.
19:53:32 <GeKo> and decide on the format of the manual in tor browser, how to display it and a precess to keep it up-to-date
19:53:33 <GeKo> yes
19:53:39 <GeKo> *process
19:53:54 <mcs> But we should not let perfect get in the way of “good enough” in this case.
19:54:36 <GeKo> i agree with that. especially as we have alpha releases to iron things out
19:55:40 <GeKo> okay. i think there are some points we can take from this discussion to move things forward. thanks
19:55:47 <GeKo> do we have anything else for today?
19:56:29 <GeKo> alright, thanks everybody then. *baf*
19:56:34 <GeKo> #endmeeting