17:00:27 #startmeeting weekly network team meeting, 31 July 17:00:27 Meeting started Mon Jul 31 17:00:27 2017 UTC. The chair is nickm. Information about MeetBot at http://wiki.debian.org/MeetBot. 17:00:27 Useful Commands: #action #agreed #help #info #idea #link #topic. 17:00:33 hi everyone 17:00:36 hello 17:00:38 https://pad.riseup.net/p/K3Up3AUaqkz0 17:00:52 welcome back, catalyst ! 17:00:55 isis: You around? 17:01:08 hello 17:01:25 Are we missing anybody else? 17:01:40 I'm here but not really anything to say 17:01:50 (hi pastly) 17:01:54 hi dgoulet , isabela , ahf 17:02:11 o/ 17:03:04 let's start reading one another's updates on the pad! 17:03:59 ahf: I have a request for an additional task for you this week.... 17:04:13 Please document the android stuff you have been learning as you go along! 17:04:20 so that other people can try it too 17:04:21 nickm: hey 17:04:27 hihi, meeting time! 17:04:31 absorbing coffee 17:04:32 pad at https://pad.riseup.net/p/K3Up3AUaqkz0 17:04:37 yay coffee 17:05:47 we're all going to be spending a bunch of vacation time this month, so let's think about anything we need from one another _before_ vacations begin? 17:06:01 That is, if we'll need anything next week or the week after, when people start to be away a lot 17:07:01 catalyst: do you have internet at home now? :) 17:07:32 nickm: yes! 1Gbps supposedly 17:07:36 woo! 17:07:40 i will write the list about it, but there's a period from like 17 august to 22 august that i will be away in order to speak at rustconf 17:07:50 catalyst: nice 17:07:56 isis: cool! 17:08:05 isis: will your talk be recorded or streamed or anything? 17:08:21 catalyst: woah nice, glad your new place is coming along 17:08:55 nickm: it will be recorded and iirc released on youtube under CC-BY-SA 17:09:27 nifty 17:09:35 please circulate a link once there is one 17:09:40 looking forward to it 17:10:05 i'm going to take some days off at the end of august for bornhack construction/destruction 17:10:08 deconstruction* 17:10:13 isis: thanks! i still have lots of fiddly bureaucracy bits to chase down because of the move 17:10:56 nickm: ok will do! :) 17:11:50 let's start discussing the things at the start of the pad 17:12:11 review-group-21 is all either in needs_revision or merge_ready. So I believe we're done there 17:12:34 There are only 3 needs_review tickets in 0.3.2 right now, so I'm not starting review-group-22 today, but if you want to review something please feel free. 17:12:46 I did indeed fix a lot of coverity issues on master last week. 17:13:03 They had been hidden because coverity was using a broken model for the BUG() macro 17:13:19 see #23054 17:13:25 oh, not that one 17:13:50 see #23030 17:13:58 that made make check fail ^ btw (#23054) 17:14:17 oh dear 17:14:30 oh wait no! 17:14:37 the tor_parse_long patch made the test fail 17:14:51 whoops, sorry. 17:14:52 will fix 17:15:07 neat 17:16:06 let's remember to take on roles for august 17:16:13 catalyst: you noticed some errors from #22636? 17:16:48 not as merged, i think, but an earlier version had some test_rust problems and the detailed log wasn't showing up in Travis 17:18:17 oh hrmm 17:18:33 hopefully not the merged thing 17:18:37 oh oh oh!! Tomorrow is EOL for lots of tor version :D 17:18:51 unfortunately i think making it work "right" means untangling a bunch of hairy automake boilerplate 17:19:08 dgoulet: yes, at long last! 17:19:21 I think it's also a good day to put out another 0.3.1.x, if we can 17:20:10 nickm: going in rc? 17:20:22 isis: wrt bridgedb brokenness wrt debian9 upgrade: for the next time this happens, should we have a testing environment to upgrade first? 17:21:21 hey mikeperry. i havent had much time for prop247 lately, but plz let me know if you need any help or to brain dump to someone. 17:21:36 mikeperry: after the prop224 review/merge frenzy subsides i will come back to prop247 land 17:22:11 asn: no worries. thank you for the review and suggestion on #13837 17:22:21 I am working on the stem bits now 17:22:24 dgoulet: that's something we should talk about; it relates to my question of "what is 0.3.1 blocking on?" 17:22:36 after that, I will try to run client and server instances with onionperf 17:22:40 nickm: right, I'm looking over the 39 tickets in 031 17:22:45 nickm: we did theoretically have a testing environment, but the last few weeks of debian 9 stabilisation seems to have sped up putting newer dependency versions from testing into stable, and those versions (even though they are minor version updates!) completely broke their API by deleting/moving/changing bits of twisted code 17:22:57 argh, twisted 17:23:18 we should politely complain to the twisted people, if they are really breaking APIs in minor updates... 17:23:31 or to the debian packagerts, depending on who seems most at fault 17:23:32 asn: but I am pretty good on my own for all of that. worst case I will need some help from atagar and karsten. we can sync up after that 17:24:02 mikeperry: great 17:24:06 yeah it made me a bit sad 17:24:09 (suggested tone: "Hey, that thing you did was really inconvenient! If you are able to be more careful about that next time, we'd appreciate it!") 17:24:16 ("Thanks for writing/packaging!") 17:24:58 that's probably a good idea, like the server is running 16.1.1 right now, but if you upgrade to 16.6.0 it's completely broken 17:24:59 isabela: on your question of oniongit -- I dunno. Personally, I think that it's doing very well for code review, but I am kind of afraid of leaving trac's ticket system. 17:25:10 I don't know whether the TB security level issue is a showstopper 17:25:12 i didn't want to complain too loudly 17:25:28 oh I might have some questions for the folks who worked on prop271 17:25:36 but later, probably 17:25:43 prop#271 17:25:52 mikeperry: design or implementation? 17:26:17 mikeperry: sounds good to me 17:26:23 nickm: i am looking for folks opinion on it -> 13:25 <+nickm> I don't know whether the TB security level issue is a showstopper 17:26:31 nickm, isabela: yeah I just replied on that thread... 17:26:42 dgoulet: saw it too, tx 17:26:45 implementation, esp wrt how we think we want to use it for prop247. I will most likely just implement what I remember from our wilmington discussions, and then write that up and ask people what they think 17:26:46 tough one to answer :Ls 17:26:47 It is not a showstopper for me. 17:27:07 mikeperry: okay. I'm probably the best person to ask there; please get to me before the middle of next week, so you catch me before I go on vacation? 17:27:20 dgoulet: yeah, that is why i would like to check with people who are trying gitlab 17:27:27 asn also knows the code pretty well 17:28:17 yep 17:28:38 mikeperry: i can probably answer questions about the logic fairly fast, but not so much the implementation (at least not without digging into the code since i didn write it) 17:30:05 wow, 0.2.4, 0.2.6, and 0.2.7 are all KIA today 17:30:32 that simplifies things quite a bit 17:30:41 If somebody reports a security flaw in them today, I am so not fixing it. :) 17:31:18 technically, Aug 1st is tomorrow but it's probably already Aug 1st somewhere :P :P 17:31:49 ahf: May I assign #22926 for you to fix in 0.3.1 ? 17:32:08 mikeperry: you are aware of this #22934 ? 17:32:11 ahf: if not, please reassign it to me 17:32:11 yes! ideally for this week, nickm 17:32:27 great 17:32:36 trying to structure my 20-25/80 split into "weeks" 17:32:46 if soemone wants #22934 fixed in 0.3.1, they should assign it to them :) 17:33:49 nickm: I've worked on that #21509 so there has been some fuzzing but nothing upstream yet... and haxxpop is looking at it, defer? 17:34:00 dgoulet: bleh, no. thanks 17:34:03 mikeperry: I also left a question for you about whether #22136 is must-fix-in-0.3.1 17:34:35 dgoulet: I would really like it to not be deferred. If there is a crash bug to be found in the hsdir code, I want us to find it before 0.3.1.x is stable! 17:36:16 nickm: same but does this matter that it has to be upstream before 032? What I mean is I did fuzz for hours that thing already but apart from telling you that, I don't see how I can resolve that ticket except with a fuzz_hsdescv3 binary pull request? 17:36:58 ah; no, it needs to be tested, but the tests don't need to be upstreamed yet. 17:37:10 what do you mean "with a fuzz_hsdescv3 binary pull request" ? 17:37:29 dgoulet: maybe update the ticket with the status, and defer to 0.3.2 ? 17:37:35 nickm: well a fuzz_hsdescv3.c and some corpora patch? 17:37:43 sounds good 17:38:11 if we take those in master, then oss-fuzz will start fuzzing the code too. 17:38:30 oh true google thing! ok maybe worth it then to have it in 031 17:38:53 it's okay to do it in master 17:38:58 just so long as it goes in _somewhere_ 17:39:11 oss-fuzz is only looking at our master right now 17:39:17 ok! 17:39:27 dgoulet, nickm I'm looking at the teor's code. Currently we have only the fuzzer for the descriptor (from dgoulet) but not other parts 17:39:37 I don't see anything stopping us from putting out 0.3.1.next-alpha, maybe with a stable to follow in a week or 2 17:39:44 haxxpop: we should start with that imo 17:39:50 every piece helps 17:40:03 will oss-fuzz run "cargo fuzz" for us? 17:40:15 isis: only if we tell it to 17:40:19 it only works with afl and libfuzzer i think? 17:40:19 and teach it how 17:40:21 yes 17:40:27 cool 17:40:31 is cargo fuzz libfuzzer-based? 17:40:43 i think so? 17:40:48 interesting. 17:41:20 we should see if clusterfuzz has "how to fuzz rust" documentation written. If not, we should ask them to please write some, and follow it 17:41:24 they'd probably be glad to 17:41:44 nickm: are you sure you meant #22136? I don't see any comments for you there 17:41:47 I am replying anyway 17:41:50 to teor 17:42:20 mikeperry: sorry; I meant that the question was from teor 17:42:24 so confused today :) 17:42:25 nickm: yes, it is using libfuzzer 17:42:29 cool 17:43:10 asn/dgoulet: have I reviewed enough #20657 last a couple of days, or should I do more today? :) 17:43:44 who is clusterfuzz? 17:43:49 or what 17:43:57 it's the tool that oss-fuzz is built on 17:44:00 google uses it internall 17:44:01 y 17:44:04 nickm: did you review more today? or the stuff from last week? 17:44:04 and runs oss-fuzz on it 17:44:10 asn: reviewed a little more today 17:44:17 nickm: i think i have 1-2 days of fixes 17:44:49 (i didnt get any gitlab mails today i think) 17:44:54 nickm: so we good i think 17:44:58 ok cool 17:45:04 i'll do a bit more today, then other stuff 17:45:14 Do we have more topics today, or shall we call the meeting finished? 17:46:11 * dgoulet is good 17:46:54 yep 17:46:55 did we talk about oniongit and javascript? 17:47:01 ehm 17:47:09 review-group-21 seems done nickm ? 17:47:20 asn: yes, I believe so. 17:47:31 asn: I'll open 22 once there are more tickets to put in it; right now there are only 3 17:47:59 catalyst: a little; the main question (also in discussion on the ml) is whether the javascript issue is a blocker for further oniongit experimentation 17:50:02 i think enough of the core devs are willing to use javascript that it's not too much of an issue, right? main question for me is how badly it would block outside contributors 17:50:12 indeed 17:50:23 contributors vs people that just complain about things on trac 17:50:59 yep 17:51:24 catalyst: I think if somebody really doesn't want to turn on any js for oniongit, they can contact us by other means, we can do our reviews there, and then send them a copy? 17:51:27 dunno 17:51:36 Yawning: some contributions are ... more valuable than others 17:51:47 Yawning: +1 17:52:11 nickm: that seems workable if we publicize the workarounds well 17:52:19 * isis goes to see what oniongit is like without javascript 17:52:19 I find using oniongit for review to be a big productivity win, even if we can't require it for everyone. 17:52:36 i just think this is a collective decision - even tho me and hiro are driving any change that is a result of this decision, is not our decision 17:52:40 gitlab without js is about as bad as github without js 17:52:57 so i want to take into account all the voices/concerns 17:53:17 "whatever, I can still clone a branch" 17:54:27 more for this meeting? 17:54:42 would be great to have folks opinions on the email thread so its all in one place and easier to have the discussion? 17:54:58 i brought it here because is now something I am wondering about and y'all are testing it :) 17:55:07 nickm: sorry that was for me :) 17:55:08 gitlab code review for sure can't go away... it's *so* useful and important 17:55:14 i've added a note to the pad under "tasks for after this meeting" 17:55:14 it doesn't seem that bad? i can log in, browse people's stuff, view diffs, and i think i can even leave comments 17:55:47 really? that did not work for me at least 17:55:56 dgoulet: that is really important for us to hear / same with what nickm said above 17:56:38 GeKo: i have TB in medium security mode and i just told NS to untrust oniongit.eu 17:56:57 ok. I will #endmeeting so the tb meeting can start, but let's move over to #tor-project for more of this? 17:57:00 #endmeeting