17:32:16 <GeKo> #startmeeting tor browser 07/01/2019
17:32:16 <MeetBot> Meeting started Mon Jul  1 17:32:16 2019 UTC.  The chair is GeKo. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:32:16 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
17:32:22 <GeKo> antonela: sure
17:32:32 <sisbell> hi
17:32:38 <GeKo> welcome everyone to the first weekly meeting in july 2019
17:32:51 <GeKo> please add your items to the pad: https://storm.torproject.org/shared/tHoN4Ii7rLSjPE0OP4gydX4cMGadsXmRQNc-6lwru0N
17:33:16 <GeKo> and mark items to talk about into bold
17:33:29 <GeKo> s/about into/about/
17:36:19 <GeKo> alright, let's get going
17:37:15 <GeKo> it seems i am first today
17:37:35 <GeKo> i have one item which might overlap with sisbell's first one
17:37:53 <GeKo> so, while reviewing boklm's really nice work over in #28672
17:38:07 <GeKo> i spent quite some time thinking about how we want to integrate the result into tor browser
17:38:30 <GeKo> i started to actually write patches for that but then stumbled over the more fundamental issue
17:38:47 <GeKo> the patch boklm has is based on _hc's which is for pluto2
17:38:56 <GeKo> https://github.com/guardianproject/AndroidPluggableTransports
17:39:07 <GeKo> this is the new way of dealing with pts it seems
17:39:42 <GeKo> and moves away from what we have right now, which is shipping a binary and using an approach which is similar to the desktop one
17:40:00 <GeKo> so, the question is what we should do here (now and later)?
17:40:15 <GeKo> should we try to build a snowflake client for now
17:40:30 <GeKo> and then adapt topl so we can use that client as well where needed
17:40:39 <GeKo> (in addition to obfs4proxy)
17:40:52 <GeKo> or should we jump on the pluto2 train while we are at it?
17:41:19 <GeKo> (which implies the question whether pluto2 is actually ready for use as-is)
17:41:58 <sysrqb> i haven't looked at pluto, how does it intregrate with Android apps?
17:42:05 <sisbell> If we use pluto2, it will maintain compatibility with Orbot a bit better
17:42:20 <sisbell> But its not a huge deal to use other dependencies
17:43:01 <sysrqb> (but this sounds like a discussion we should have in stockholm with nathan)
17:43:14 <sisbell> What I gather is that pluto is native lib + installer
17:43:25 <sysrqb> diverging from orbot too much sounds like pain for us
17:43:52 <sysrqb> sisbell: okay, so similar to TOPL
17:43:57 <sysrqb> but dpecifically for PTs?
17:44:02 <sysrqb> *specifically
17:45:00 <sisbell> I need to dig further but what I see in Orbot, is the pluto2 dependency is added to gradle. And then there is an install method you can call which will handle that for you.
17:45:37 <GeKo> okay, i guess i'll get the discussion started with the guardian project folks based on where we are right now
17:45:46 <sisbell> I think the advantage is just keeping the versions in sync. The installation is pretty easy either way
17:45:56 <GeKo> and we can then decide a plan forward in stockholm
17:46:29 <sysrqb> sgtm
17:46:46 <sysrqb> thanks
17:47:04 <GeKo> sisbell: well, yes. we should keep in mind as well that it is worthwhile if we provide reproducible binaries/libs for other projects
17:47:29 <GeKo> so, it might be useful to have that as a factor, too, if we decide to head one way or another
17:47:43 <sysrqb> +1
17:48:08 <GeKo> it might e.g. be of quite some help if we helped the guardian project folks and briar etc.
17:48:29 <GeKo> with our artifacts but not if we moved into the "wrong" direction
17:48:38 <GeKo> okay, thanks for the input
17:48:47 <GeKo> sisbell: you are up
17:49:20 <sisbell> I think we hit the first two issues I have highlighted already
17:49:38 <sisbell> The remaining one is about which version of tor are we targeting
17:50:30 <sisbell> Orbot has moved to the 4.x versions
17:50:56 <GeKo> yes
17:51:10 <GeKo> i want to catch up as soon as we can with desktop
17:51:20 <GeKo> ideally building master in nightly builds
17:51:27 <GeKo> and alpha release in alpha builds
17:51:46 <GeKo> so, we should move faster here than orbot i think
17:52:09 <GeKo> in particular in order to get tor unstable code tested earlier on mobile platforms
17:52:18 <sisbell> It would be nice if we could feed our builds of tor to Orbot
17:52:31 <GeKo> that's been blocked so far on us getting our own tor built for android
17:52:33 <sisbell> Seems some duplicated efforts
17:52:38 <GeKo> sisbell: i agree
17:52:49 <GeKo> and i think the guardian projects folks would be happy about that
17:53:04 <GeKo> however, time and resoureces are scarce
17:53:09 <GeKo> *resources
17:53:16 <GeKo> in particular during the esr68 transotion
17:53:23 <GeKo> *transition
17:53:25 <sisbell> right
17:53:36 <GeKo> so i am a bit reluctant on how much we can commit here
17:53:45 <GeKo> but we could easily test what orbot ships in alpha releases
17:54:44 <GeKo> i am not sure we should move at once to 0.4.x on stable due to #30380
17:54:54 <sisbell> we could probably just strip out tor binaries in packaging phase and build a zip file of them. But that can be another discussion
17:55:09 <GeKo> yep
17:55:37 <GeKo> so having some alphas for mobile with 0.4.x and #30380 resolved
17:55:58 <GeKo> seems to me the way foward and if nothing explodes we start using it on stable as well
17:56:13 <GeKo> while we try in the medium term to catch up on the tor releases as we do for desktop
17:56:27 <GeKo> but i doubt we'll get to that part during the esr transition
17:56:38 <sisbell> cool, sounds good
17:57:51 <GeKo> sisbell: where are we with the esr68 android toolchain?
17:58:23 <GeKo> i am not sure if any of the "This Week" items is part of that
17:58:36 <GeKo> but nothing jumps out right now, so i thought about asking :)
17:58:37 <sisbell> I got a little side track with the other issues but I will check in the TOPL/tor-android-service changes this week
17:58:48 <sisbell> into RBM
17:59:10 <sisbell> or rather tor browser build
17:59:54 <GeKo> okay, sounds good
18:00:08 <sisbell> The latest gradle plugin has different logs so scraping the dependencies is a biut different
18:00:15 <GeKo> i am mostly concerned here about getting the firefox part properly compiled
18:00:48 <GeKo> but, yes, we probably need topl/tor-android-service changes, too
18:01:22 <sisbell> I'll get firefox dependencies in first and then see what breaks in firefox
18:02:13 <GeKo> sisbell: sounds good, please focus on that part as we can't start fixing the esr68 issues until we have some idea of a working toolchain at least
18:02:26 <sisbell> will do
18:02:33 <GeKo> thanks
18:02:43 <GeKo> tjr: thanks for the update
18:02:53 <GeKo> any link to the ftp:// timezone leak patch?
18:03:08 <tjr> 1 sec
18:03:13 <GeKo> i wonder whether that one is something we could test in the upcoming alpha
18:03:19 <tjr> https://bugzilla.mozilla.org/show_bug.cgi?id=1560574
18:03:42 <GeKo> thanks!
18:03:49 <tjr> it's not been reviewed; nor have i heard anything from gary other than seeing it go on bugzilla - but yeah seems pretty simple
18:04:01 <GeKo> i realized i should have filed all the recent finherprinting bugs in bugzilla as well
18:04:06 <GeKo> but, no time :(
18:04:36 <GeKo> so, any other comments/additions to the status update part?
18:05:40 <GeKo> okay, discussion items
18:05:43 <GeKo> i have one
18:05:58 <GeKo> we'll have a state of the onion thing at the dev meeting again
18:06:06 <GeKo> i forgot to mention this earlier
18:06:17 <GeKo> but hopefully it does not come to anyone's surprise
18:06:35 <GeKo> so what do we want to mention there apart from the mobile part?
18:06:45 <GeKo> i guess security settings redesign?
18:07:11 <GeKo> what else?
18:07:14 <pospeselr> incoming screen reader support?
18:07:21 <GeKo> yes
18:08:09 <mcs> maybe some forward looking things, e.g., Sponsor 27 onion services + esr68 transition?
18:10:24 <GeKo> indeed, good idea
18:10:46 <GeKo> as far as i know we have just one slot this time
18:10:59 <GeKo> so we could think about who wants to present for the team
18:11:32 <GeKo> but nothing we need to decide right now
18:12:05 <GeKo> i can do it this time after having argued for other folks stepping up in the past
18:12:20 <GeKo> but i'd be glad, too, if others are still stepping up :)
18:12:55 <pospeselr> i can do it this go around :)
18:13:04 <GeKo> done
18:13:10 <GeKo> pospeselr is it
18:13:15 <GeKo> :)
18:13:20 <GeKo> (thanks)
18:13:22 <sysrqb> :)
18:13:28 <mcs> indeed, thanks!
18:13:34 <GeKo> we'll help with the slides
18:13:51 <GeKo> and antonela could probably help us in turn with that
18:13:51 <pospeselr> woo
18:14:13 <GeKo> alright, anything else to discuss today?
18:14:32 <GeKo> just a reminder: we'll have a release week again
18:14:43 <GeKo> there are not so many patches for stable pending
18:14:48 <GeKo> i think just the banner
18:15:38 <GeKo> no, we should probably get #30849 into stable as well
18:15:50 <GeKo> as those are just pref flips and they fix sec-moderate bugs
18:16:16 <GeKo> i'd need a reviewer for that one
18:16:29 <pospeselr> oh hey, for those of us dropping down to 4 days a week, do we have an agreed upon day of the week for that?
18:16:41 <GeKo> (whom i can add to the sec bugs)
18:16:48 <GeKo> no we have not
18:17:15 <GeKo> and i heard there is no guidance in the sense that it is necessary to settle on a specific day
18:17:42 <GeKo> so, i am fine giving everyone the leeway to figure that out for themselves for now
18:18:09 <GeKo> if there will be issues that affect other team members of folks from other teams we'll revisit i guess
18:18:16 <pospeselr> alrighty
18:18:30 <GeKo> but so far i think "be mindful about the day you take considering others might depend on your work"
18:18:39 <GeKo> is the only guidance i have
18:19:19 <GeKo> however, if anyone of you is feeling strongly here i am fine too of doing someting else
18:19:22 <GeKo> *something
18:19:41 <GeKo> just speak up and we'll sort it out
18:19:52 <GeKo> (either or per any other channel)
18:20:05 <brade> not Mondays? ;-)
18:20:12 <pospeselr> heh
18:20:23 <GeKo> heh
18:20:39 <GeKo> "be mindful" :)
18:21:11 <GeKo> okay, anything else for today?
18:21:44 <sysrqb> not from me.
18:22:36 <GeKo> everyone seems to be happy ;)
18:22:40 <GeKo> thanks then *baf*
18:22:44 <GeKo> #endmeeting