19:01:29 <isis> #startmeeting 19:01:29 <MeetBot> Meeting started Mon Nov 10 19:01:29 2014 UTC. The chair is isis. Information about MeetBot at http://wiki.debian.org/MeetBot. 19:01:29 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic. 19:01:36 <MarkSmith> There shoud be one.... 19:01:40 <isis> YES I WIN 19:01:46 * sherief is around 19:02:03 <boklm> hello 19:02:16 <isis> hello all! 19:03:13 <isis> last week i did not do much because i got poisoned and started having an autoimmune reaction 19:03:36 <isis> the only thing useful that i did for TB stuff was review arthuredelstein's patch for #13671 19:03:54 <isis> ok, does someone else want to go next? 19:03:58 * MarkSmith Hopes you are better now! 19:04:00 <Yawning> *lurks* 19:04:11 <isis> MarkSmith: thanks, i think so! 19:05:18 <sherief> There is nothing to to report at the help desk side. However, we need to create videos for TB and we can't do that without swapping helix's key #13677 19:06:53 <MarkSmith> I am not sure who can comment on the signing key issue other than mikeperry or GeKo.... 19:06:55 <mikeperry> last week I tried to merge everyting to release 4.5-alpha-1, but the circuit UI and a couple other things proved troublesome. I also gave a talk at Mozilla about reproducible builds on wednesday, and talked to them about their 10 year firefox anneversary this week 19:07:13 <sherief> yeah.. I had hoped that at least one will show up 19:07:20 <GeKo> I am here 19:07:23 <sherief> nice! 19:08:06 <mikeperry> this week I hope to get 4.5-alpha-1 finally packaged, and then write our year-end report.. or maybe in the other order, depending 19:09:02 <GeKo> sherief: #6540 won't definitely happen before we switch keys and #3861 probably neither. 19:09:24 <GeKo> err, will definitely not happen 19:09:38 <Yawning> mikeperry: aw I wanted to see the alpha soon-ish ;_; 19:10:21 <sherief> GeKo: Ok. We will create videos once the key switch happen 19:10:40 <sherief> the problem is that karsten didn't tell us when are the videos needed 19:10:52 <mikeperry> is the deadline december or june for those videos? 19:11:52 <sherief> We don't know. I will write karsten an email and answer in #13677 19:14:11 <Yawning> I caused trouble for the browser people by filing bugs about the circuit display. >.> 19:15:02 <mikeperry> yeah. that and some last minute backports delayed us 19:15:03 <Yawning> And I wrote or-ctl-filter in a moment of massive tinfoil hattery 19:15:09 <Yawning> sorry >.> 19:15:57 <GeKo> you don't need to be sorry for or-ctl-filter 19:16:25 <GeKo> here is what I did: 19:17:29 <GeKo> I provided feeback for the updated tor-browser spec 19:17:44 <GeKo> I backported and tested a fix for #13558 19:18:22 <GeKo> I tested/merged/and upstreamed two gitian-builder patches done by Lunar 19:18:37 <GeKo> I tried to get 4.5-alpha-1 in a releasable shape 19:18:45 <GeKo> I reviewed #13762 19:19:00 <GeKo> err #13672 19:19:51 <GeKo> I worked oon LXC build issues and tested Lunar's patch + took a step at libgmp build issues (while I am at it) 19:19:59 <GeKo> #12238, #13588, #13055 19:20:23 <GeKo> and I looked at upstreaming Firefox build patches #13420 19:20:51 <GeKo> turned out 2 out of 3 are already fixed and I plan to write the missing one this week 19:21:58 <GeKo> Additionally, I want to implement security slider related feedback, get 4.5-alpha-1 out and land LXC build related patches. 19:22:02 <mikeperry> ok. I've noticed that boklm's tests still report hardening warnings. is that #13055, or are there other things too? 19:22:12 <GeKo> that's it for now. 19:22:35 <GeKo> there are other things, too, mainly #13056 19:22:56 <GeKo> and then there is PIE stuff due to Go 19:23:53 <mikeperry> I think the Go people are against hardening their runtime for strange reasons 19:24:40 <GeKo> yes 19:24:50 <mikeperry> apparently they don't believe in DiD. they think Go is magically safe from any form of exploitation (which I highly doubt) 19:25:29 <Yawning> ;_; 19:27:05 * MarkSmith can go next 19:27:19 <MarkSmith> Last week Kathy and I finished fixing #13594 (merged by Mike for 4.5-alpha-1). 19:27:27 <MarkSmith> We spent some time debugging update issues and reviewing the change boklm made to help address #13685. 19:27:36 <MarkSmith> We spent the rest of our time working on #13379. 19:27:45 <MarkSmith> The current status is that we have backported patches from three different Mozilla bugs and we are in the process of testing and fixing issues related to signed MAR verification. 19:28:00 <MarkSmith> The messiest code-related problem yet to be solved is shared library dependencies. 19:28:18 <MarkSmith> In TB 4.0.1, the updater only depends on system libraries (plus msvcr100.dll and libssp-0.dll on Windows). 19:28:26 <MarkSmith> But adding sig verification adds dependencies on NSS and NSPR libraries. 19:28:48 <MarkSmith> We will continue working on those issues this week. That's all for now. 19:30:02 * boklm can go next 19:30:24 <boklm> Last week, I worked on a patch to address #13685 (Transition away from 32bit OS X), and started working on automatically rebasing tor-browser patches on gecko-dev master. 19:30:38 <boklm> I started doing what I described in this mail: https://lists.torproject.org/pipermail/tbb-dev/2014-November/000172.html 19:31:05 <boklm> which gives us an output page like this, with a list of rebased / not rebased commits: https://people.torproject.org/~boklm/tmp/tests/r/MkzWprrqJK/browser-rebase.html 19:31:33 <boklm> Currently, we have many patches that cannot be rebased automatically, although I did not try yet with -Xpatience. 19:32:21 <boklm> this week I plan to continue working on that 19:32:53 <boklm> that's it for me 19:34:38 <mikeperry> boklm: you might have more success if you exported the patches as git format-patch and used patch. it is less fussy than git, but also more likely to introduce mis-ppatching 19:35:14 <mikeperry> could use git format-patch with lots of context.. patch will allow some fuzz (mismatched lines) 19:35:49 <mikeperry> more patched might also survive if we continually rebased them from release to release? 19:36:33 <boklm> I think git should be able to apply more patches than patch, because it knows history 19:37:56 <mikeperry> it is way more sensitive to conflicts though. I think it allows 0 fuzz 19:38:19 <boklm> I can try to see what is the result with patch 19:38:22 <mikeperry> and of course, if you did patchm you'd have to have some goop to re-commit after each application (and also be sure to git add new files) 19:39:26 <boklm> I will also try with git and -Xpatience 19:40:21 <mikeperry> ok 19:41:33 <mikeperry> arthuredelstein: how goes the circuit UI? 19:42:08 <GeKo> see his mail to tbb-dev 19:42:17 <GeKo> he is probably not here today 19:43:25 <mikeperry> ah 19:44:30 <mikeperry> hrmm.. well I guess we need to decide what we want to do about #13671 and #13672 then 19:44:43 <mikeperry> wait, or release without them? 19:44:51 <mikeperry> or merge the partial work as-is? 19:44:58 <GeKo> without them, I'd 19:45:01 <GeKo> say 19:45:42 <MarkSmith> For an alpha, it seems OK to mention the issues in the release notes. 19:46:22 <MarkSmith> We just need to try to get adequate feedback. How many 4.5 prereleases are planned (alpha, beta, …)? 19:46:35 <mikeperry> yeah. ok. does that mean we go with tor-browser-bundle commit f8c894726f58bbcde03bb204228d8fa8976c4b5b? 19:46:44 <mikeperry> I think I have that one build already 19:46:53 <mikeperry> f6ca2eeb0dbda5d99851732c256c05d6015258c1f0bb263e447a4e03b7e62dcb 4.5-alpha-1/sha256sums.txt 19:47:02 <GeKo> no 19:47:51 <mikeperry> oh, the pinning backport isn't in that 19:47:52 <GeKo> we need a tag for the updated cert pinning patch and then an update to the versions.alpha file 19:47:56 <GeKo> yes 19:48:31 <GeKo> and we need a torbutton update with updated locales for the preferencedialog 19:48:39 <GeKo> containing security slider related things 19:49:41 <isis> mikeperry: there's also a torbutton patch in #13504 which removes non-operational, non-public bridges from the bundle 19:50:07 <isis> or wait tor-browser-bundle.git patch 19:51:45 <mikeperry> ok, it looks like transifex gave me new DTD entities for the slider for our core locales 19:53:16 <mikeperry> ok, so then the plan will be to restart the build, rebuilding the browser and rebundling 19:53:20 <mikeperry> I will have tags up shortly 19:53:25 <Yawning> \o/ 19:54:29 <isis> do we have an estimate on the number of pre-releases before 4.5 is production-ready? 19:55:14 <mikeperry> when it's ready... 19:55:27 <GeKo> and sooner if you help :) 19:55:55 <Yawning> "Soon(TM)" 19:56:06 <GeKo> yeah, that one 19:56:23 <mikeperry> I want mar signing and pinning to work.. those both may have surprise issues. we'll want to try at least one update after both of those are merged 19:57:11 <mikeperry> and mar signing is not going into 4.5-alpha-1, so I'd guess at least 2 more alphas before we can call it stable 19:57:18 <isis> hmm… it might help with planning and spacing out tasks and tickets, and knowing how many chances there will be to test a patch set, and stuff and things like that, if there were even an arbitrary number of prereleases 19:57:18 <MarkSmith> right 19:57:26 <MarkSmith> (>= 2 more releases) 19:57:46 <isis> ok, arbitrary number is >=2. that works. :) 19:58:09 <MarkSmith> stuff that we want for 4.5 should be merged as soon as it is ready, once alpha-1 is out the door 19:58:28 <MarkSmith> e.g., #13504 19:59:18 <isis> that one's an easy review and merge, it can go in anytime. no rush. 19:59:37 <isis> err, anytime as long as it makes it into the next stable, please. 20:00:28 <isis> actually, i have a BridgeDB ticket to file concerning the TB default bridges… 20:01:51 <mikeperry> ok, I pushed the versions file update to origin/master in tor-browser-bundle 20:01:55 <mikeperry> and also updated the changelog 20:03:34 <mikeperry> anything else for the meeting? if everyone likes 9495a912a89f4dd17fd04231da21d39cc928742d I will start building right afterwords 20:04:21 <GeKo> looks good to me 20:05:39 <mikeperry> ok, I am starting the build with make clean-browser && make prep-alpha && make build-alpha 20:05:54 <mikeperry> I think we're also done for the meeting today 20:06:01 <isis> do i get to baf or you? 20:06:11 <mikeperry> isis: you have to #endmeeting because you're a jerk and a meeting stealer 20:06:35 <isis> i know! but *you* have to baf because i didn't steal your e-gavel 20:06:54 <mikeperry> sigh 20:06:57 <mikeperry> *baf* 20:07:01 <isis> :D 20:07:04 <isis> #endmeeting