17:32:16 <GeKo> #startmeeting tor browser 07/01/2019 17:32:16 <MeetBot> Meeting started Mon Jul 1 17:32:16 2019 UTC. The chair is GeKo. Information about MeetBot at http://wiki.debian.org/MeetBot. 17:32:16 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic. 17:32:22 <GeKo> antonela: sure 17:32:32 <sisbell> hi 17:32:38 <GeKo> welcome everyone to the first weekly meeting in july 2019 17:32:51 <GeKo> please add your items to the pad: https://storm.torproject.org/shared/tHoN4Ii7rLSjPE0OP4gydX4cMGadsXmRQNc-6lwru0N 17:33:16 <GeKo> and mark items to talk about into bold 17:33:29 <GeKo> s/about into/about/ 17:36:19 <GeKo> alright, let's get going 17:37:15 <GeKo> it seems i am first today 17:37:35 <GeKo> i have one item which might overlap with sisbell's first one 17:37:53 <GeKo> so, while reviewing boklm's really nice work over in #28672 17:38:07 <GeKo> i spent quite some time thinking about how we want to integrate the result into tor browser 17:38:30 <GeKo> i started to actually write patches for that but then stumbled over the more fundamental issue 17:38:47 <GeKo> the patch boklm has is based on _hc's which is for pluto2 17:38:56 <GeKo> https://github.com/guardianproject/AndroidPluggableTransports 17:39:07 <GeKo> this is the new way of dealing with pts it seems 17:39:42 <GeKo> and moves away from what we have right now, which is shipping a binary and using an approach which is similar to the desktop one 17:40:00 <GeKo> so, the question is what we should do here (now and later)? 17:40:15 <GeKo> should we try to build a snowflake client for now 17:40:30 <GeKo> and then adapt topl so we can use that client as well where needed 17:40:39 <GeKo> (in addition to obfs4proxy) 17:40:52 <GeKo> or should we jump on the pluto2 train while we are at it? 17:41:19 <GeKo> (which implies the question whether pluto2 is actually ready for use as-is) 17:41:58 <sysrqb> i haven't looked at pluto, how does it intregrate with Android apps? 17:42:05 <sisbell> If we use pluto2, it will maintain compatibility with Orbot a bit better 17:42:20 <sisbell> But its not a huge deal to use other dependencies 17:43:01 <sysrqb> (but this sounds like a discussion we should have in stockholm with nathan) 17:43:14 <sisbell> What I gather is that pluto is native lib + installer 17:43:25 <sysrqb> diverging from orbot too much sounds like pain for us 17:43:52 <sysrqb> sisbell: okay, so similar to TOPL 17:43:57 <sysrqb> but dpecifically for PTs? 17:44:02 <sysrqb> *specifically 17:45:00 <sisbell> I need to dig further but what I see in Orbot, is the pluto2 dependency is added to gradle. And then there is an install method you can call which will handle that for you. 17:45:37 <GeKo> okay, i guess i'll get the discussion started with the guardian project folks based on where we are right now 17:45:46 <sisbell> I think the advantage is just keeping the versions in sync. The installation is pretty easy either way 17:45:56 <GeKo> and we can then decide a plan forward in stockholm 17:46:29 <sysrqb> sgtm 17:46:46 <sysrqb> thanks 17:47:04 <GeKo> sisbell: well, yes. we should keep in mind as well that it is worthwhile if we provide reproducible binaries/libs for other projects 17:47:29 <GeKo> so, it might be useful to have that as a factor, too, if we decide to head one way or another 17:47:43 <sysrqb> +1 17:48:08 <GeKo> it might e.g. be of quite some help if we helped the guardian project folks and briar etc. 17:48:29 <GeKo> with our artifacts but not if we moved into the "wrong" direction 17:48:38 <GeKo> okay, thanks for the input 17:48:47 <GeKo> sisbell: you are up 17:49:20 <sisbell> I think we hit the first two issues I have highlighted already 17:49:38 <sisbell> The remaining one is about which version of tor are we targeting 17:50:30 <sisbell> Orbot has moved to the 4.x versions 17:50:56 <GeKo> yes 17:51:10 <GeKo> i want to catch up as soon as we can with desktop 17:51:20 <GeKo> ideally building master in nightly builds 17:51:27 <GeKo> and alpha release in alpha builds 17:51:46 <GeKo> so, we should move faster here than orbot i think 17:52:09 <GeKo> in particular in order to get tor unstable code tested earlier on mobile platforms 17:52:18 <sisbell> It would be nice if we could feed our builds of tor to Orbot 17:52:31 <GeKo> that's been blocked so far on us getting our own tor built for android 17:52:33 <sisbell> Seems some duplicated efforts 17:52:38 <GeKo> sisbell: i agree 17:52:49 <GeKo> and i think the guardian projects folks would be happy about that 17:53:04 <GeKo> however, time and resoureces are scarce 17:53:09 <GeKo> *resources 17:53:16 <GeKo> in particular during the esr68 transotion 17:53:23 <GeKo> *transition 17:53:25 <sisbell> right 17:53:36 <GeKo> so i am a bit reluctant on how much we can commit here 17:53:45 <GeKo> but we could easily test what orbot ships in alpha releases 17:54:44 <GeKo> i am not sure we should move at once to 0.4.x on stable due to #30380 17:54:54 <sisbell> we could probably just strip out tor binaries in packaging phase and build a zip file of them. But that can be another discussion 17:55:09 <GeKo> yep 17:55:37 <GeKo> so having some alphas for mobile with 0.4.x and #30380 resolved 17:55:58 <GeKo> seems to me the way foward and if nothing explodes we start using it on stable as well 17:56:13 <GeKo> while we try in the medium term to catch up on the tor releases as we do for desktop 17:56:27 <GeKo> but i doubt we'll get to that part during the esr transition 17:56:38 <sisbell> cool, sounds good 17:57:51 <GeKo> sisbell: where are we with the esr68 android toolchain? 17:58:23 <GeKo> i am not sure if any of the "This Week" items is part of that 17:58:36 <GeKo> but nothing jumps out right now, so i thought about asking :) 17:58:37 <sisbell> I got a little side track with the other issues but I will check in the TOPL/tor-android-service changes this week 17:58:48 <sisbell> into RBM 17:59:10 <sisbell> or rather tor browser build 17:59:54 <GeKo> okay, sounds good 18:00:08 <sisbell> The latest gradle plugin has different logs so scraping the dependencies is a biut different 18:00:15 <GeKo> i am mostly concerned here about getting the firefox part properly compiled 18:00:48 <GeKo> but, yes, we probably need topl/tor-android-service changes, too 18:01:22 <sisbell> I'll get firefox dependencies in first and then see what breaks in firefox 18:02:13 <GeKo> sisbell: sounds good, please focus on that part as we can't start fixing the esr68 issues until we have some idea of a working toolchain at least 18:02:26 <sisbell> will do 18:02:33 <GeKo> thanks 18:02:43 <GeKo> tjr: thanks for the update 18:02:53 <GeKo> any link to the ftp:// timezone leak patch? 18:03:08 <tjr> 1 sec 18:03:13 <GeKo> i wonder whether that one is something we could test in the upcoming alpha 18:03:19 <tjr> https://bugzilla.mozilla.org/show_bug.cgi?id=1560574 18:03:42 <GeKo> thanks! 18:03:49 <tjr> it's not been reviewed; nor have i heard anything from gary other than seeing it go on bugzilla - but yeah seems pretty simple 18:04:01 <GeKo> i realized i should have filed all the recent finherprinting bugs in bugzilla as well 18:04:06 <GeKo> but, no time :( 18:04:36 <GeKo> so, any other comments/additions to the status update part? 18:05:40 <GeKo> okay, discussion items 18:05:43 <GeKo> i have one 18:05:58 <GeKo> we'll have a state of the onion thing at the dev meeting again 18:06:06 <GeKo> i forgot to mention this earlier 18:06:17 <GeKo> but hopefully it does not come to anyone's surprise 18:06:35 <GeKo> so what do we want to mention there apart from the mobile part? 18:06:45 <GeKo> i guess security settings redesign? 18:07:11 <GeKo> what else? 18:07:14 <pospeselr> incoming screen reader support? 18:07:21 <GeKo> yes 18:08:09 <mcs> maybe some forward looking things, e.g., Sponsor 27 onion services + esr68 transition? 18:10:24 <GeKo> indeed, good idea 18:10:46 <GeKo> as far as i know we have just one slot this time 18:10:59 <GeKo> so we could think about who wants to present for the team 18:11:32 <GeKo> but nothing we need to decide right now 18:12:05 <GeKo> i can do it this time after having argued for other folks stepping up in the past 18:12:20 <GeKo> but i'd be glad, too, if others are still stepping up :) 18:12:55 <pospeselr> i can do it this go around :) 18:13:04 <GeKo> done 18:13:10 <GeKo> pospeselr is it 18:13:15 <GeKo> :) 18:13:20 <GeKo> (thanks) 18:13:22 <sysrqb> :) 18:13:28 <mcs> indeed, thanks! 18:13:34 <GeKo> we'll help with the slides 18:13:51 <GeKo> and antonela could probably help us in turn with that 18:13:51 <pospeselr> woo 18:14:13 <GeKo> alright, anything else to discuss today? 18:14:32 <GeKo> just a reminder: we'll have a release week again 18:14:43 <GeKo> there are not so many patches for stable pending 18:14:48 <GeKo> i think just the banner 18:15:38 <GeKo> no, we should probably get #30849 into stable as well 18:15:50 <GeKo> as those are just pref flips and they fix sec-moderate bugs 18:16:16 <GeKo> i'd need a reviewer for that one 18:16:29 <pospeselr> oh hey, for those of us dropping down to 4 days a week, do we have an agreed upon day of the week for that? 18:16:41 <GeKo> (whom i can add to the sec bugs) 18:16:48 <GeKo> no we have not 18:17:15 <GeKo> and i heard there is no guidance in the sense that it is necessary to settle on a specific day 18:17:42 <GeKo> so, i am fine giving everyone the leeway to figure that out for themselves for now 18:18:09 <GeKo> if there will be issues that affect other team members of folks from other teams we'll revisit i guess 18:18:16 <pospeselr> alrighty 18:18:30 <GeKo> but so far i think "be mindful about the day you take considering others might depend on your work" 18:18:39 <GeKo> is the only guidance i have 18:19:19 <GeKo> however, if anyone of you is feeling strongly here i am fine too of doing someting else 18:19:22 <GeKo> *something 18:19:41 <GeKo> just speak up and we'll sort it out 18:19:52 <GeKo> (either or per any other channel) 18:20:05 <brade> not Mondays? ;-) 18:20:12 <pospeselr> heh 18:20:23 <GeKo> heh 18:20:39 <GeKo> "be mindful" :) 18:21:11 <GeKo> okay, anything else for today? 18:21:44 <sysrqb> not from me. 18:22:36 <GeKo> everyone seems to be happy ;) 18:22:40 <GeKo> thanks then *baf* 18:22:44 <GeKo> #endmeeting