17:59:51 <pili> #startmeeting tor-browser-release 04/15
17:59:51 <MeetBot> Meeting started Wed Apr 15 17:59:51 2020 UTC. The chair is pili. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:59:51 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
17:59:52 <pili> hmm... or not :)
17:59:55 <pili> there we go
17:59:58 <Jukana> alright thanks pili
18:00:03 <pili> who's around for the meeting today? :)
18:00:09 <cschutijser> I am
18:00:18 <pili> Here is the pad again: https://pad.riseup.net/p/tor-browser-release-meeting-keep
18:00:40 <sysrqb> o/
18:00:50 <sysrqb> cschutijser: welcome
18:00:51 <pili> please add any discussion items or requests in the relevant sections :)
18:00:59 <pili> and we'll start in a few minutes
18:01:15 <ahf> hey
18:01:20 <ahf> oh
18:01:23 <ahf> other room!
18:02:01 <cschutijser> Thanks. Should I file my topic ("Tor Browser on OpenBSD") under discussion or somewhere else?
18:02:20 <pili> cschutijser: Discussion is fine :)
18:02:27 <pili> and welcome!
18:02:56 <cschutijser> Thank you :)
18:03:19 <pili> I think we can probably start with the discussion items now
18:03:51 <pili> sysrqb: I had taken a note that we were going to do a release around now to take advantage of the new tor 0.4.3 release
18:04:03 <pili> I'm guessing that's no longer happening due to release fatigue ;)
18:04:10 <pili> and I just wanted to confirm
18:04:23 * antonela waves
18:04:32 <pili> hey antonela
18:05:41 <sysrqb> pili: yeah.
18:05:46 <sysrqb> i think i dropped the ball on this
18:05:55 <sysrqb> but we need a break from releases, too
18:06:00 <sysrqb> so that's okay
18:06:09 <nicoleiocana__> here o/
18:06:31 <pili> ok, so then I have the next release on May 5 for the 9.5 stable but I think we need to review that :)
18:06:56 <sysrqb> i think we should move that to 5/5/
18:07:01 <sysrqb> err�h
18:07:05 <sysrqb> 15 may
18:07:10 <pili> the stable?
18:07:15 <sysrqb> yes
18:07:18 <pili> ok
18:07:33 <sysrqb> i need to follow up with securedrop about their testing and deployment pans
18:07:37 <sysrqb> plans
18:07:43 <sysrqb> for the https-e ruleset and such
18:07:51 <pili> and do we want to do another release in between to take up the new tor 0.4.3?
18:08:08 <sysrqb> we can include that on 5/5
18:08:14 <sysrqb> with the new ESR
18:08:19 <pili> ok, great :)
18:08:40 <sysrqb> two weeks shouldn't make much difference :)
18:08:42 <sysrqb> i hope
18:11:17 <pili> ok, so I now have:
18:11:21 <pili> - 2020.05.05: 9.0.10 and 9.5a12 - ESR68.8 and Tor 0.4.3
18:11:50 <pili> and 2020.05.15: 9.5 Stable and 10.0a1 - Tor 0.4.4alpha
18:12:08 <pili> sysrqb: I don't think so either :)
18:12:52 <sysrqb> that seems good
18:13:05 <pili> and from mid May onwards are we still looking at releasing with the ESRs or do we want to try the fortnightly alpha releases experiment again?
18:13:23 <pili> to not forget about everything that comes after the 9.5 stable
18:13:52 * pili needs to extend the timeline :)
18:14:02 <sysrqb> i think following the ESR schedule in June seems smart
18:14:12 <sysrqb> and then we can think about releasing more often in July
18:14:53 <pili> yup, I agree
18:15:03 <sysrqb> great
18:15:17 <pili> do we briefly want to discuss what will make it into 9.5 stable?
18:15:51 <pili> or maybe what we know will not might be easier
18:16:02 <sysrqb> sure. you want to create a list of all features or the S27 features, in particular?
18:16:31 <antonela> errors, onion-location, urlbar updates, https-e channel update
18:16:32 <pili> hmm, I think all features
18:16:35 <antonela> and i think that is all
18:16:56 <antonela> maybe the first three?
18:16:56 <pili> I think the S27 features are the most prominent ones for me
18:17:11 <pili> and I don't want to forget about any other nice things we may be releasing
18:18:12 <sysrqb> https://gitweb.torproject.org/builders/tor-browser-build.git/tree/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt
18:18:13 * antonela btw if you are reading and you feel safe to try an alpha go for it https://dist.torproject.org/torbrowser/9.5a11/
18:18:21 <sysrqb> :)
18:18:24 <antonela> :)
18:18:46 <sysrqb> pili: i can go through the changelog and pull out all of the new features
18:18:50 <sysrqb> maybe that will be easier?
18:19:00 <pili> sure, if it's not too much hassle
18:19:14 <pili> but maybe we don't need to list them all here and now :)
18:19:30 <sysrqb> yeah, i can follow up with an emai
18:19:33 <sysrqb> l
18:19:38 <sysrqb> that may be easier
18:19:51 <pili> I think what would be nice is to check what we are planning to release and make sure that anything that people are expecting or would like to request for inclusion is missing
18:20:11 <pili> and then we can discuss the ones that are missing or any requests
18:20:33 <sysrqb> the only feature i know we aren't sure about is onion-location
18:21:05 <sysrqb> but the argument that "we won't know if it works until it is in a stable release" is a good argument, too
18:21:48 <antonela> if we go to stable, we will need documentation
18:22:04 <antonela> maybe if not too, but is another discussion
18:22:09 <sysrqb> yeah
18:22:14 <pili> I wonder what we can do to be sure one way or another :) should we do a call for testing?
18:22:41 <pili> I'm fine if it doesn't make it in also
18:22:54 <sysrqb> we can/should start asking our friends
18:23:00 <pili> :)
18:23:08 <sysrqb> maybe sending an email is smart
18:23:25 <antonela> pili: yes! nah is working on that
18:23:50 <pili> I can take that one
18:23:51 <pili> I can just send an email to tor-project for example
18:24:00 <antonela> pili: awesome
18:24:04 <antonela> thank you!
18:24:09 <pili> ok
18:24:16 <pili> anything else on 9.5 stable?
18:24:49 <pili> re: documentation we should start working on it regardless and have it ready to publish :)
18:25:05 <sysrqb> yeah
18:25:09 <pili> I can work on that with ggus
18:25:12 <sysrqb> i guess we should coordinate with ggus?
18:25:16 <sysrqb> okay
18:25:21 <sysrqb> thanks
18:25:29 <antonela> thanks pili
18:25:51 <pili> shall we move on? :)
18:26:14 <sysrqb> yep
18:26:19 <antonela> is groot
18:26:37 <pili> cschutijser: I believe you're up now :)
18:26:45 <cschutijser> I believe so to :)
18:26:56 <sysrqb> hello!
18:27:03 <cschutijser> I was asked to join this meeting to let all of you know what I'm doing so here I am
18:27:20 <cschutijser> Since a couple of months I maintain Tor Browser in the OpenBSD ports tree
18:27:34 <antonela> oh thanks!
18:27:44 <sysrqb> which version number are you distributing now?
18:27:44 <cschutijser> When I started it was stuck at 8.x, I believe. I upgraded it to 9.x and I've been keeping it up to date since
18:27:50 <sysrqb> very nice
18:27:52 <cschutijser> 9.0.9
18:27:53 <sysrqb> thank you!
18:27:59 <cschutijser> You're welcome :)
18:28:18 <pili> great!
18:28:18 <cschutijser> Now, there is one aspect that I want to work on in the future. I'll intro that by something that happened recently
18:28:43 <cschutijser> A month or so ago a user reported that the font fingerprinting defenses were not working. And indeed, they were not
18:29:06 <cschutijser> The reason it didn't work was the fact that the OpenBSD port of Tor Browser does not use tor-browser-build.git to build the software
18:29:32 <cschutijser> Instead, at least for now, it takes src-firefox-tor-browser-*.tar.xz and src-tor-launcher-*.tar.xz andd it proceeds more or less as if it's a normal Firefox browser
18:30:07 <cschutijser> And as you know the tools in tor-browser-build.git make sure, amongst other things, that the bundled fonts are actually shipped with the Tor Browser
18:30:39 <cschutijser> So for now I have fixed the OpenBSD port by making sure the fonts are bundled and the proper fontconfig configuration is set
18:31:07 <cschutijser> But in the long term, what I want to do is look into tor-browser-build.git and find ways to make the difference in the build procedure as small as possible
18:31:17 <cschutijser> To prevent such bugs from happening again
18:32:02 <cschutijser> So if I have any questions or suggestions regarding this topic, I'll let you know. I don't really have a timeline for this
18:32:27 <cschutijser> If you have any questions or comments regarding the above or anything else, I'm happy to hear it
18:32:32 <sysrqb> yes, plesae let us know ifyou have any questions or suggestions
18:33:14 <sysrqb> tor-browser-build provides us with a way of reproducibly creating tor browser releases
18:33:41 <sysrqb> but you should be able to build tor browser outside of tor-browser-build
18:34:06 <sysrqb> but the compoonents may not match 100%
18:34:35 <sysrqb> on the tor side, we should be careful about using custom patches within tor-browser-build and applying those during the build process
18:34:37 <cschutijser> It is indeed true that I get a fairly well functioning Tor Browser by just taking the source tarball
18:35:11 <sysrqb> and, we are generally careful about making changes in the git repos
18:35:19 <cschutijser> Are there other features, besides the font fingerprinting defenses, that come to your mind right away that may not be included if I build the Tor Browser like this? If not that's ok, I'll figure it out at some point
18:35:32 <sysrqb> but this is something we can keep in mind (and it's not something i previously thought about)
18:36:00 <cschutijser> What do you mean in this case by the git repos? Just the tor-browser-build.git repository or some other repositories too?
18:37:07 <cschutijser> I can imagine it also applies to the tor-browser.git repository
18:37:14 <sysrqb> i was thinking about the tor-browser.git repo, in particular
18:37:18 <sysrqb> yes
18:37:43 <cschutijser> ok, I fully understand that
18:38:24 <sysrqb> i'll review the build process
18:38:47 <sysrqb> and can w chat about this later this week?
18:38:50 <sysrqb> *we
18:39:06 <cschutijser> That's OK with me
18:39:12 <sysrqb> great, thanks
18:39:27 <cschutijser> Although at this point in time I don't know a whole lot yet about tor-browser-build, I don't know if that would be useful?
18:40:18 <sysrqb> whatever will be helpful
18:40:34 <sysrqb> if you want to look at tor-browser-build more before we talk,then that is fine too
18:40:46 <cschutijser> Alright. Well, let's indeed chat this week. We can also chat again later if necessary
18:40:53 <sysrqb> toerhwise we can talk about tor-browser-build as well
18:40:59 <sysrqb> yeah
18:41:03 <sysrqb> *otherwise
18:41:08 <cschutijser> Sounds good
18:41:24 <cschutijser> Shall we determine a date and time later in a /query?
18:41:30 <sysrqb> yeah
18:41:51 <pili> ok
18:41:51 <sysrqb> sounds good
18:41:54 <pili> sounds like we are good here for now then :)
18:42:10 <pili> does anyone have any other discussion points or requests?
18:42:12 <cschutijser> Indeed :)
18:42:16 <cschutijser> None from my side
18:42:16 <pili> thank you cschutijser
18:43:40 <cschutijser> All of you too :)
18:43:51 <pili> ok, I think we can end the meeting here then :)
18:43:52 <pili> thanks everyone!
18:43:53 <pili> #endmeeting