15:06:37 <donuts> #startmeeting Tor Browser Weekly Meeting 2022-08-29
15:06:37 <MeetBot> Meeting started Mon Aug 29 15:06:37 2022 UTC.  The chair is donuts. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:06:37 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
15:06:44 <donuts> pad is here: https://pad.riseup.net/p/tor-tbb-keep
15:06:54 <donuts> please add any items you'd like to discuss to the agenda :)
15:07:25 <donuts> also please remember to review your kanban boards while you add your updates to the pad too
15:07:41 <donuts> a wild richard appears!
15:07:48 <richard> o/
15:08:10 <donuts> i've just started the bot, but I'll let you take back over from here :D
15:08:19 <donuts> folks are just adding their updates to the pad
15:08:30 <richard> hello hello
15:08:35 <richard> meeting pad per usual: https://pad.riseup.net/p/tor-tbb-keep
15:09:57 <emmapeel> o/
15:10:23 <richard> o/
15:10:27 <PieroV> hello!
15:11:23 <dan_b> o/
15:13:16 <ma1> o/
15:13:23 <boklm> o/
15:13:42 <richard> ok it looks like we're mostly ready
15:13:54 <richard> let's start with announcements first
15:14:12 <richard> emmapeel: do you wish to elaborate at all on Fluent and weblate?
15:14:39 <richard> (if not that's fine of course, happy to see forward progress on this :) )
15:14:49 <PieroV> me too :)
15:15:28 <emmapeel> richard: not really. i am here if there are questions but pierov says he is quite busy to work on this now
15:15:48 <richard> yes, esr102 alpha is coming :)
15:15:53 <richard> ok, from me then
15:15:56 <emmapeel> one thing is that i would like to clean up the locales before moving, or during
15:16:04 <emmapeel> soryr im done
15:16:43 <richard> yeah I expect we'll see a lot of changes to our entire localization pipeline, some cleanup at hte same time would be excellent
15:17:00 <richard> anyway, Henry is starting this week! (woo!)
15:17:05 <Jeremy_Rand_36C3[m]> Does Henry have an IRC nick already?
15:17:40 <richard> I don't know, but he does have email forwarding allegedly working (henry@tpo)
15:18:11 <Jeremy_Rand_36C3[m]> Alright.  It shall be a surprise then.  :)
15:18:23 <donuts> \o/
15:18:31 <Jeremy_Rand_36C3[m]> (Very cool that the team is growing so fast.)
15:18:38 <richard> I'll send him irc instructions later this week, so hopefully those of you in Eu timezones will help him get set up with things
15:19:01 <richard> I've tried to push the onboarding ticket a bit harder this time but i'm sure there will be things not ready on day 1 as per usual
15:19:21 <ma1> So no onboading call for them?
15:19:34 <PieroV> I think the onboarding call is a must :)
15:19:37 <richard> I'm planning on scheduling a similar onboarding/walkthougoh meeting as we had with dan and ma1 Friday
15:19:49 <richard> yes for onboarding meeting :)
15:20:10 <ma1> very helpful indeed :)
15:20:32 <Jeremy_Rand_36C3[m]> Can we do brief proper introductions in the meeting next week?  'Twas a tad awkward with me not knowing dan_b  and ma1 when they joined.
15:20:32 <richard> ok onto releases
15:20:44 <richard> ahh yes
15:20:47 <richard> that's a good idea
15:21:12 <dan_b> +1
15:21:18 <richard> anyway
15:21:36 <richard> thanks ma1 for the release-prep for 11.5.3 for android :)
15:22:10 <richard> ran into some deployment issue on the webserver over the weekend, which is why 11.5.2 isn't out yet despite being signed and ready
15:22:21 <richard> but those should both be out this week
15:22:22 <ma1> thank you richard and PieroV for walking me through :)
15:22:37 <PieroV> richard: lavamind came earlier to say we filled the storage once again, iirc
15:22:37 * dan_b looks forward to giving it a go next time :D
15:22:43 <richard> (and I do have edits for the release prep template living in my git somewhere)
15:23:18 <richard> dan_b: yes I think we can give you the next stable, shouldn't be too bda
15:23:27 <richard> the alpha may be a bit much for a first go though :D
15:23:49 <PieroV> half of the first 102 alpha is already done in tor-browser-build!503
15:23:49 <richard> PieroV: can't wait for multi-locale bundles
15:24:09 <PieroV> me too
15:24:49 <richard> ok i'm done with announcing things everyone already knows, let's move on to the dicussion
15:24:50 <Jeremy_Rand_36C3[m]> The multi-locale thing is a blocker for the ARM and POWER ports, right?
15:24:51 <richard> PieroV?
15:25:02 <richard> (that is correct jeremy)
15:25:06 <PieroV> I'd like to know what's the status with 102 :)
15:25:07 <boklm> yes
15:25:27 <Jeremy_Rand_36C3[m]> Looking forward to that getting done then :)
15:25:46 <PieroV> If there are still any blockers
15:26:10 <PieroV> Or if we're missing only the build part, and if there are any problems with the build changes I've been doing, etc etc
15:26:18 <PieroV> I think we wanted to release tomorrow
15:26:21 <richard> nothing from me, iirc we have reproducible builds for all platforms from the 102 branch now yes?
15:26:31 <PieroV> Yes
15:26:35 <richard> so from my perspective we're just missing the release prep
15:27:09 <PieroV> richard: the Firefox part is already done in the branch. We're missing the usual tor+Go+OpenSSL+NoScript updates
15:27:20 <richard> right right
15:27:46 <boklm> I still need to do the review of the tor-browser-build changes, I'm planning to do it tomorrow
15:28:10 <richard> ok that wfm
15:28:38 <PieroV> boklm: do you know if there are some problems already, or if I can do anything to help you for the review?
15:28:39 <Jeremy_Rand_36C3[m]> PieroV: is the tor-browser-build ESR102 branch in good enough shape that I can start rebasing the ARM branch onto it?  Or will I be better off waiting a week?
15:29:05 <PieroV> Jeremy_Rand_36C3[m]: I think it's ready
15:29:17 <richard> I can do the release prep for 102 after those changes are merged then (or you can PieroV if you're feelin eager)
15:29:30 <PieroV> richard: I feel I'm a bit swamped
15:29:41 <PieroV> The fonts thing might be nastier than expected
15:29:58 <boklm> PieroV: I didn't see problems already, I will look more closely tomorrow
15:30:01 <richard> sounds like 'fun' :)
15:30:05 <PieroV> boklm: thanks
15:30:11 <Jeremy_Rand_36C3[m]> PieroV: OK great, I will see if I can find time this week to rebase the ARM branch.  Though I'm also waiting on the mozconfig to be merged to tor-browser.
15:30:20 <richard> in that case I'll plan on getting 102 prepped and tagged tomorrow
15:30:40 <ma1> PieroV, wanna offload the font bug to me?
15:31:02 <PieroV> ma1: we can see later
15:31:28 <PieroV> The alternative for me is to proceed with the tor-launcher and or localization part
15:31:55 <PieroV> That are also big, but I think the font thing has higher priority (actually, it's like 2-3 issues)
15:33:31 <PieroV> richard: before tagging releases, I think that we might want to address the second point of my discussions
15:33:34 <richard> what's the font ticekt # ?
15:33:44 <ma1> https://bugzilla.mozilla.org/show_bug.cgi?id=1787790
15:33:45 <PieroV> tor-browser#41116
15:34:14 <richard> wow ok that's a lot of activity
15:35:02 <richard> i'm inclined to say any font fingerprinting problems have higher priority then tor-launcher/localization refactors+migration
15:35:05 <richard> since they're user facing
15:35:28 <PieroV> Hopefully Moz people can deal with it and then we cherry pick :)
15:35:46 <richard> that's always the ideal scenario
15:35:46 <emmapeel> i agree, fingerprinting comes before
15:36:24 <richard> and re point 2, this should be a matter of flipping the right prefs reverting w/e https-everywhere integration we have right?
15:36:26 <PieroV> Then there are a couple of minor problems, i.e., an aesthetic problem (system-ui shows Noto Sans JP, instead of Arimo), and .SF NS is directly accessible on macOS
15:36:55 <PieroV> richard: hopefully yes, but I think we should check it before.
15:37:00 <richard> yeah
15:37:09 <PieroV> Current Android nightlies are already 102, so we can use them with HTTPS-E disabled
15:37:20 <PieroV> But I expect HTTPS-Only not to be active
15:37:24 <richard> also curious how https-e being remvoed will work for build-to-build upgrades too
15:37:56 <PieroV> Uhm. We might write a patch to remove it?
15:38:07 <richard> ma1: sound like fun to you?
15:38:17 <ma1> richard, I was about to offer
15:38:30 <PieroV> Extensions are installed in the profile in Android, so I expect it to remain installed, even when we stop shipping it
15:38:39 <PieroV> And we should also clear the code to install it from Fenix
15:38:52 <ma1> Yes, it's the code I've patched last week.
15:39:00 <richard> makes sense to me
15:39:03 <PieroV> Of course, pref flipping has priority #1, since HTTPS-E can work with HTTPS Only enabled
15:40:25 <richard> ok i'll track down the tickets or create new ones and assign to you ma1
15:40:35 <ma1> richard, perfect
15:40:51 <PieroV> It was tor-browser#19850 for desktop
15:41:09 <PieroV> (well, probably I should have added the pref also to GV in that occasion)
15:42:18 <richard> ok, now what's this about proprietary dependencies in TBA?
15:42:54 <PieroV> It seems we still "link" (or whatever it is the correct word for Android land) some Play Store libraries we don't really need
15:43:07 <PieroV> Especially one that is used for hardware 2FA
15:43:29 <richard> oh i see
15:43:32 <PieroV> We disable that feature, but F-Droid doesn't like the fact that we still reference the library
15:43:51 <richard> do we ship the library?
15:44:22 <PieroV> I think it's a matter of deleting code (AFAIK, you don't have a way to remove imports like with anything like a preprocessor)
15:44:31 <Jeremy_Rand_36C3[m]> What does linking entail here?  Does that imply that TBA will error if that library isn't there?
15:44:31 <PieroV> richard: the feature is disabled with a pref
15:44:36 <PieroV> So the code is there
15:44:57 <PieroV> It's just disabled by default, from what I can gather from the comments in the issues linked in the thread
15:45:02 <Jeremy_Rand_36C3[m]> (Some Android distros don't have Play Services installed)
15:45:17 <PieroV> I think it's more like a static link
15:45:17 <richard> ok, seems legit but low priority atm
15:45:42 <PieroV> Yeah, it's more an investigative thing, because we could reopen the related issues, if needed
15:46:10 <richard> i'll create an issue for it, hopefully resolve before the 12.0 stable
15:46:18 <PieroV> And I think we could close tor-browser#26614
15:46:39 <PieroV> richard: we have already https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40223
15:46:40 <dan_b> is it just a library dep listed in AndroidManifest.xml or something?
15:47:12 <PieroV> dan_b: not sure. I think the related APIs are also imported in some Kotlin file?
15:48:10 <PieroV> Seems like there's a wrapper
15:48:16 <PieroV> app/src/main/java/org/mozilla/fenix/browser/BaseBrowserFragment.kt:import mozilla.components.feature.webauthn.WebAuthnFeature
15:48:31 <PieroV> Which should be in Android Components
15:50:02 <PieroV> Well, in every case, it's also listed in the list of dependencies to download for the build
15:50:34 <PieroV> So, first we should disable the dependency in the code, and then also in tor-browser-build (but I think that if a dependency is download but then not used, it isn't included in our files)
15:51:44 <richard> ok we're reaching the end of our allotted time
15:52:07 <richard> is there anything else to discuss today?
15:52:16 <PieroV> do we have the release meeting later?
15:52:21 <richard> yes
15:52:43 <donuts> I don't think there's any further feedback for tor-browser#41112, who should I assign to for implementation?
15:53:13 <ma1> donuts, that should be me I guess :)
15:53:15 <richard> wfm
15:53:26 <ma1> (it was also in my notes, somehow)
15:53:29 <donuts> great :)
15:53:58 <donuts> richard: want me to put the bot back to sleep?
15:54:06 <richard> yes please
15:54:11 <richard> it deserves a break
15:54:20 <donuts> good night bot o/
15:54:22 <donuts> #endmeeting