#tor-meeting2 log

17:32:18 <GeKo> #startmeeting tor browser 3/32/2019
17:32:18 <MeetBot> Meeting started Mon Apr  1 17:32:18 2019 UTC.  The chair is GeKo. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:32:18 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
17:33:08 <GeKo> hello everyone
17:33:24 <mcs> hi to all and welcome to acat
17:33:26 <pili> Nice April fools
17:33:27 <GeKo> acat: a special welcome to you!
17:33:39 <GeKo> our meeting pad is at https://storm.torproject.org/shared/tHoN4Ii7rLSjPE0OP4gydX4cMGadsXmRQNc-6lwru0N
17:33:47 <GeKo> we'll start with status updates as usual
17:33:53 <GeKo> please read through the items
17:34:00 <GeKo> and mark those bold you want to talk about
17:34:07 <antonela> welcome acat!
17:34:13 <GeKo> (step 0 add your items to the pad :) )
17:34:24 <mcs> “Week of March 32” made my day (so far)
17:34:41 <GeKo> yeah
17:35:38 <sisbell> I need 25 hour day too
17:35:42 <acat> antonela: thanks! :)
17:36:48 <GeKo> alright
17:37:05 <GeKo> as i see we don't have any bold items
17:37:16 <sysrqb> is part of pospeselr's missing?
17:37:46 <GeKo> seems so
17:37:50 <GeKo> (at least for me)
17:37:57 <brade> me too
17:38:07 <GeKo> so the single-most important item for this week is getting the alpha release going
17:38:33 <GeKo> https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=merge_ready&status=needs_information&status=needs_review&status=needs_revision&status=new&status=reopened&keywords=~tbb-8.5-must-alpha&order=priority has the tickets
17:38:57 <brade> when is the code freeze?
17:38:59 <GeKo> the vast majority is in needs_review
17:39:06 <GeKo> as soon as we have everything we need
17:39:17 <GeKo> that includes #28329 and friends
17:39:26 <GeKo> a dn #27609 and friends
17:39:36 <GeKo> and #29768
17:39:37 <sysrqb> ack
17:39:58 <GeKo> those are the remaining blockers (modulo getting everything reviewed and merged)
17:40:25 <GeKo> for #29246 we need giorgio, so we can postpone it
17:40:25 <mcs> ack for #29768 too
17:41:18 <GeKo> and depending on when we have things ready and out
17:41:23 <GeKo> we can think about the stable date
17:41:43 <GeKo> sysrqb: i guess i have a nother crash for you :(
17:41:52 <GeKo> i'll open a ticket later on i think
17:41:55 <sysrqb> uh oh
17:42:02 <sysrqb> okay, thanks
17:42:35 <GeKo> sysrqb: https://blog.torproject.org/comment/280338#comment-280338 is the convo that contains all the info i have so far
17:42:47 <sysrqb> kk, *looks*
17:43:00 <GeKo> i don't see it on my 6.0 system, so not sure what's actually up, alas
17:43:25 <GeKo> okay, do we have anything else for status updates?
17:43:41 <GeKo> sisbell: if we/i can hep you with anythinig let me know
17:43:45 <pili> brade: re code freeze, I would say mid April if we release end of April?
17:43:56 <pili> I think that was what we had discussed during the release meeting
17:44:07 <GeKo> it seems your items might still require the most work of the three mentioned
17:44:08 <sisbell> GeKo: sure, I think I have it covered for now. Just one issue left I know off
17:44:16 <pili> but let me double check the backlog
17:44:20 <GeKo> okay :)
17:44:42 <GeKo> pili: well it's abuot the freeze for the alpha i thought
17:44:53 <GeKo> *about
17:44:57 <pili> ah, ignore me then
17:45:08 <GeKo> and that's basically as soon as the patches are written :)
17:46:07 <GeKo> okay, discussion items anyone?
17:47:00 <sysrqb> i guess i can mention one
17:47:09 <sisbell> Until we get the native unpacking issue solved, we can't support latest Android Q. But I'd like to push that off until next release
17:47:24 <sysrqb> as some of you know, i had a discuss with someone from cloudflare today
17:47:32 <GeKo> sisbell: yes, please
17:47:36 <sysrqb> sisbell: well, we have a few months before Q is a problem
17:47:43 <sysrqb> so defintiely not a priority right now
17:47:48 <sisbell> cool
17:47:50 <GeKo> and filing a follow-up bug would be good
17:47:59 <GeKo> o/
17:48:02 <sysrqb> \o/ pospeselr
17:48:21 <antonela> lol
17:48:28 <antonela> \o\
17:48:33 <sysrqb> one item that was mentioned is tor browser (firefox) with alt-srv
17:48:52 <sysrqb> and whether we'd consider automatically reloading a page if we receive a .onion alt-srv
17:49:10 <sysrqb> it was definitely degrade the UX a little
17:49:29 <sysrqb> because that adds multiple round-trips before the user sees the page load
17:50:12 <sysrqb> but it may be benefitial, in particular for cloudflare sites
17:50:59 <sysrqb> i'm not sure if anyone has immediate opinions about this :)
17:51:44 <GeKo> why should we want to do that?
17:51:45 <antonela> we had a lot of discussions about it before, maybe we can discuss all this thing again
17:52:57 <sysrqb> it was force all tor traffic through the onion service
17:53:00 <GeKo> i wonder whether that's some sort of #27502?
17:53:18 <antonela> or #21952
17:53:34 <GeKo> antonela: no
17:53:45 <GeKo> that's redirects chaning the url bar domain
17:54:00 <GeKo> but alt-src works below
17:54:07 <antonela> i see
17:54:11 <GeKo> not changing the security context
17:54:14 <sysrqb> therefore users wouldn't be impacted by abuse coming from the same exit node as them
17:54:33 <sysrqb> cloudflare can handle abuse separately from the exit node IP address
17:54:38 <GeKo> sysrqb: but you'd do the first request without the .onion anyway
17:54:39 <GeKo> yes i know
17:54:52 <GeKo> because there is no alt-svc mapping there yet
17:55:01 <sysrqb> this was raised in the context of not handling tor browser's UAS specially
17:55:19 <sysrqb> right, but you receive the alt-svc in the first response
17:55:25 <GeKo> and then you'd use that mapping for subsequent requests
17:55:36 <sysrqb> right
17:55:45 <GeKo> yes, but then the browser should switch over automatically
17:55:54 <GeKo> or could :)
17:55:57 <sysrqb> except here, the subsequent requests would include resending the most-recent request
17:56:11 <sysrqb> right :)
17:56:36 <GeKo> ah, i see
17:56:45 <sysrqb> there's also a time out preiod, iirc, where the browser only uses the alt-svc after the current channel times out
17:56:50 <sysrqb> *period
17:57:00 <GeKo> so you send the request until you get the onion and only *then* the response gets sent over it
17:57:42 <GeKo> but i don't see how that is buying you anything
17:58:08 <sysrqb> hrm, i don't think that was exactly what they were thinking
17:58:27 <sysrqb> i think CF would still send the response on the first request connection
17:58:33 <sysrqb> but maybe the browser ignores it
17:58:42 <sysrqb> or closes that connection before the full respoonse arrives
17:58:55 <sysrqb> and then it resend the request on the alt-svc
17:59:10 <sysrqb> or, maybe because it's already receiving the request on this connection, it waits until that completes
17:59:25 <sysrqb> and then all subsequent requestss go over the alt-scv
17:59:26 <GeKo> okay, so it it's not #27502
17:59:47 <GeKo> then the first step would be getting a ticket with some background into trac
18:00:03 <GeKo> and then we'll could see what we can do
18:00:16 <sysrqb> sounds like a good plan
18:00:19 <GeKo> i think we could put it onto our sponsor27 queue
18:00:33 <GeKo> which means we could think spending some of our funding for it
18:01:07 <GeKo> there are various .onion services pieces/alt-svc pieces already on it
18:01:18 <GeKo> see https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=merge_ready&status=needs_information&status=needs_review&status=needs_revision&status=new&status=reopened&sponsor=%5ESponsor27&col=id&col=summary&col=keywords&col=status&col=owner&col=type&col=priority&order=priority
18:02:28 <sysrqb> lots of work
18:02:51 <pili> +1 to adding under S27
18:03:09 <GeKo> yeah, but very worthwhile :)
18:03:40 <GeKo> okay, anything else for today?
18:03:59 <pospeselr> o/ I'm here if I missed anything important in the first 20 minutes
18:04:10 <sysrqb> everything important
18:04:13 <pospeselr> ohi
18:04:21 <pospeselr> oh dear*
18:04:34 <sysrqb> we all laughed at your date joke while you weren't here
18:04:41 <antonela> good one pospeselr
18:04:43 <GeKo> i am calling it then folks. thanks everyone *baf*
18:04:45 <brade> pospeselr: then we assigned you all of the bugs in the above query
18:04:50 <antonela> hahah
18:04:53 <GeKo> it'll make it in the meeting logs
18:04:53 <pospeselr> oh noooo
18:04:56 <sysrqb> lol
18:04:57 <GeKo> brade: +1
18:05:07 <sysrqb> glhf
18:05:10 <GeKo> that'll solve all out problems
18:05:17 <GeKo> *our
18:05:22 <GeKo> #endmeeting