17:30:56 <sysrqb> #startmeeting Tor Browser Team Meeting 14 October 2019
17:30:56 <MeetBot> Meeting started Mon Oct 14 17:30:56 2019 UTC.  The chair is sysrqb. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:30:56 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
17:30:59 <sysrqb> that one.
17:31:06 <sysrqb> Hello everyone!
17:31:07 <Jeremy_Rand_Talos> Potentially dumb question from me, the newbie: if I want to cover a topic in the discussion during a meeting, is putting it in the Discussion section of the pad considered the correct way to indicate that?
17:31:22 <Jeremy_Rand_Talos> (That's what I did but I wasn't sure if that's standard)
17:31:25 <sysrqb> yes
17:31:30 <Jeremy_Rand_Talos> ok great
17:31:58 <sysrqb> okay! I see some people are still adding their updates
17:32:03 <GeKo> Jeremy_Rand_Talos: if it's related to your status update you could mark it as bold
17:32:22 <pili> hi
17:32:22 <sysrqb> ah, yes, that is better, too
17:32:53 <sysrqb> We can start the meeting in 2 minutes
17:33:08 <Jeremy_Rand_Talos> GeKo, ah ok.  In this case it's something covered in last meeting's status update that we didn't have time to discuss last time.  Should I put it in my status update for this meeting and bold it?
17:33:48 * Jeremy_Rand_Talos is trying to follow convention but is not 100% sure what the convention is
17:33:52 <acat> hi!
17:34:41 <sysrqb> Jeremy_Rand_Talos: okay, if it's not currently in your weekly update, then you can add it in the discussion section
17:34:50 <Jeremy_Rand_Talos> ok, sounds good
17:34:52 <mcs> pili: I just typed over one of your items and undo is not working :( Please fix
17:34:58 <pili> ok :)
17:35:02 <mcs> (accident)
17:35:35 <sysrqb> Okay, let's get statrted
17:35:40 <sysrqb> *started
17:35:49 <sysrqb> GeKo: i bolded part of you update
17:36:05 <sysrqb> Did we decide if you're releasing a 9.0 for osx?
17:36:14 <sysrqb> or is that part of this week?
17:36:32 <sysrqb> err, *we're releasing (not only you)
17:36:39 <GeKo> i don't understant the 9.0 question
17:36:46 <GeKo> did you mean 8.5.7?
17:36:46 <boklm> a 8.5.7?
17:36:56 <sysrqb> oh
17:37:02 <sysrqb> right.
17:37:07 <sysrqb> sorry,i confused myself
17:37:08 <GeKo> well, we did not
17:37:28 <GeKo> new installs are broken
17:37:37 <GeKo> very likely due to notarization issues
17:37:50 <GeKo> (the 8.5.x series is not notarized yet)
17:38:01 <GeKo> yet already installed versions are okay it seems
17:38:17 <GeKo> we had 1 bug report so far i am aware of
17:38:22 <sysrqb> right
17:38:25 <GeKo> (a user in #tor)
17:38:39 <GeKo> which seems to indicate to me we can just ship 9.0 as a fix for that
17:38:57 <GeKo> which is the safer thing anyway
17:39:09 <sysrqb> okay, that's good
17:39:13 <GeKo> as no one knows whether the esr60-based release would work as expected
17:39:20 <GeKo> (it should, yes :) )
17:39:24 <mcs> brade and I hope to look at TB 8.5.5 on macOS 10.15 if we have time, but maybe it is not worth our time?
17:39:30 <mcs> (to see why it is failing)
17:39:35 <GeKo> you could
17:39:40 <GeKo> but don't waste too much time
17:39:46 <mcs> I like the “ship 9.0” solution but we will take a quick look
17:39:53 <GeKo> thanks
17:39:56 <sysrqb> +1
17:40:15 <GeKo> it's unfortunate
17:40:22 <GeKo> but it could have been way worse for us
17:40:36 <sysrqb> Okay, good, I'm glad we talked about this, despite messing up the version numbers
17:40:40 <sysrqb> yeah
17:40:47 <mcs> of course we do not know if the updater will work (8.5.5 to 9.0)
17:40:55 <mcs> fingers crossed....
17:41:36 <sysrqb> yeah
17:42:05 <sysrqb> it'd be nice if we can test the updating process before the release
17:42:19 <sysrqb> but i don't think we have that capability right now, correct?
17:42:52 <mcs> I was thinking we could test updating an older ESR60 alpha to an ESR68 alpha
17:42:54 <boklm> maybe we can test 8.5.5 to 9.0a8?
17:43:11 <sysrqb> ah
17:43:20 <sysrqb> mcs: smart
17:43:31 <sysrqb> boklm: i haven't tried, can you just change the update channel and it'll work?
17:43:48 <boklm> hmm, I'm not sure
17:44:02 <brade> boklm: I don’t think you can mix channels like that
17:44:06 <sysrqb> okay, it's something someone can test
17:44:13 <sysrqb> okay
17:44:32 <sysrqb> anything else on this before we move on?
17:45:01 <sysrqb> GeKo: mcs: brade: i'm assuming you're good on #27604
17:45:12 <GeKo> yes
17:45:23 <GeKo> thanks for taking this from my plate
17:45:32 <mcs> yes
17:45:37 <mcs> and no problem
17:45:42 <GeKo> mcs: brade: i am mostly worried that relocating is not failing hard now :)
17:46:09 <GeKo> but leaving users with broken extensions (that is noscript and https-e)
17:46:14 <GeKo> which would be bad
17:46:27 <GeKo> and we should avoid that
17:47:14 <mcs> GeKo: acknowledged. we will see what we find with 9.0
17:47:43 <sysrqb> okay, I have two questions. 1) wasm. I saw we're landing enabling asm.js in this release.
17:48:29 <sysrqb> i didn't see any obvious issues with wasm (and it seems the asm.js implementation is mostly wasm, but some minor changes)
17:48:50 <sysrqb> i feel more comfortable enabling wasm in an alpha first
17:49:03 <GeKo> wfm
17:49:04 <sysrqb> but i don't know if it's really worthwhile or if we should ship it in the stable
17:49:17 <GeKo> we could pick it up in 9.0.1
17:49:24 <GeKo> in case nothing explodes in 9.5a1
17:49:37 <sysrqb> yep, good, that's what i was thinking
17:49:42 <sysrqb> thanks
17:49:44 <GeKo> i think it's a big deal for getting this enabled
17:49:54 <GeKo> in particular with the patch tjr has been working on
17:51:07 <sysrqb> yeah, i saw that is coming soon
17:51:10 <sysrqb> very exciting
17:51:47 <sysrqb> my second question is for acat
17:52:03 <sysrqb> do you want #31730? i saw GeKo asked about putting it on your plate
17:52:19 <sysrqb> but i can take it this week, if you have other items you want to work on
17:52:44 <acat> i can take it, don't have so many items (for now) :)
17:52:53 <sysrqb> heh, okay, thanks :)
17:52:56 <sysrqb> i'll take it off my list
17:53:31 <sysrqb> okay, Jeremy_Rand_Talos, you're up
17:53:42 <sysrqb> (for weekly status update item)
17:54:15 <Jeremy_Rand_Talos> ok, so I noticed that tor-browser-build doesn't have a license right now
17:54:47 <Jeremy_Rand_Talos> am I correct in assuming that that's unintentional and that adding a license should be straightforward?
17:54:56 <GeKo> yes and yes
17:55:23 <Jeremy_Rand_Talos> ok great, so I can stop being worried that my patches to it are violating the All Rights Reserved default license
17:56:01 <sysrqb> yes. we don't roll like that :)
17:56:22 <sysrqb> okay, pospeselr you saw boklm's comment?
17:56:34 <pospeselr> yeah, just made #32066
17:56:40 <sysrqb> coolio
17:56:41 <boklm> thanks
17:56:54 <sysrqb> anything else for weekly updates?
17:57:21 <sysrqb> GeKo: do you want to lead the first two discussionpoints?
17:57:26 <sysrqb> *discussion points
17:57:36 <GeKo> i can do
17:57:59 <sysrqb> thanks
17:58:08 <GeKo> okay, we ned to figure out what the remaining items for 9.0 are we ant to fix (assuming nothing explodes in 9.0a8)
17:58:16 <GeKo> and who will work on those
17:58:31 <GeKo> i have a bunch of things on my radar
17:58:52 <brade> GeKo: url?
17:59:01 <GeKo> we should at least investigate the reproducibility issues we recently encouncerted
17:59:10 <GeKo> there is no url :)
17:59:15 <brade> ok
17:59:24 * boklm can take those
17:59:40 <GeKo> but we could look over https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-9.0-must, too
17:59:55 <GeKo> then we have #31730
18:00:04 <GeKo> which acat put on his plate
18:00:11 <GeKo> boklm: thanks
18:01:02 <GeKo> pospeselr: i added you to a moz sec bug like two weeks ago and honza asked me to verify that our file path proxy bypass protectin is still wokring
18:01:17 <GeKo> could you pick that up?
18:01:23 <pospeselr> yeah i can do that
18:01:32 <pospeselr> do you have a bug # ?
18:02:01 <GeKo> 1561912
18:02:22 <GeKo> + a general look at wireshark output while using tor browser would be helpful
18:02:37 <GeKo> i didthat a while back because a user reported weird things
18:02:44 <GeKo> like firefox doing direct connections to some ips
18:02:57 <GeKo> instead of only tor.exe doing those
18:02:57 <pospeselr> fun fun
18:03:03 <GeKo> but i did not find any
18:03:17 <GeKo> now that fellow is using some weird comodo dhit that is reporting this
18:03:24 <GeKo> *shit
18:03:35 <GeKo> very likely some false positive
18:03:48 <GeKo> but i like to be double-sure :)
18:04:11 <GeKo> acat: what do we want to do with #13543?
18:04:40 <GeKo> should we invest some energy to figure out whether there is a better spoofing option?
18:05:18 <GeKo> pospeselr: i guess the revisions for #31768 come first, though
18:05:25 <GeKo> err
18:05:26 <GeKo> #31286
18:05:49 <GeKo> anyway, that's all i had on my radar
18:05:53 <GeKo> anything i am missing?
18:06:20 <GeKo> the feeature review is almost done
18:06:43 <GeKo> there are some things i already filed bugs for and somethings that still need to get bugs
18:06:54 <GeKo> but overall nothing is too worrying right now
18:07:08 <GeKo> sysrqb: you look at the proxy bypass things for mobile?
18:07:09 <acat> i see #30017 in sysrqb's list, do we want that for 9.0?
18:07:34 <sysrqb> GeKo: yes, i'll finish test patches this week
18:07:52 <GeKo> okay, that would be good and a must for 9.0
18:07:59 <GeKo> acat: maybe
18:08:06 <GeKo> could be something for 9.5a1 -> 9.0.1
18:08:55 <GeKo> are we good with this point?
18:09:08 <sysrqb> GeKo: i'm also thinking about #24926, because apparently Tor Browser is advertising it is supported, but it doesn't work
18:09:20 <sysrqb> it's not critical, so other tickets will take priority
18:09:33 <sysrqb> but if we finish the other 9.0 tickets,i may look at it
18:09:39 <GeKo> yeah, i am fine taking this for 9.5aX
18:09:54 <sysrqb> okay
18:10:07 <sysrqb> i don't have anything else
18:10:32 <sysrqb> okay Jeremy_Rand_Talos
18:10:33 <GeKo> for anyone freaked out: we are close with 9.0. it does not look so bad, and it's just another work of work :)
18:10:48 <sysrqb> :)
18:10:53 <sysrqb> +1
18:10:58 <pospeselr> *freaking out intensifies*
18:10:59 <GeKo> s/work/week/
18:11:06 <pospeselr> lol
18:11:36 <GeKo> Jeremy_Rand_Talos: no, that's not a blocker
18:12:15 <GeKo> i don't think we need to have a thorough investigation here
18:12:32 <Jeremy_Rand_Talos> GeKo, ok great.  So we'll use the optimized root CA list in the initial merge?
18:12:57 <GeKo> i don't see anything that speaks against that right now
18:12:59 <sysrqb> it's only a few Kilobytes
18:13:06 <GeKo> and only nightly
18:13:10 <sysrqb> or, few 100K
18:13:19 <sysrqb> i doubt it'll make a large difference for nightlies
18:13:26 <GeKo> yeah
18:14:00 <GeKo> okay, so let me get to my other discussion point
18:14:09 <Jeremy_Rand_Talos> alright.  I'll plan to use the optimized root CA list.  Switching back to the full root CA list is a matter of flipping a boolean flag in tor-browser-build
18:14:16 <Jeremy_Rand_Talos> so it'll be easy to revert if we decide to
18:14:21 <GeKo> the post-9.0 work until the end of the end
18:14:23 <sysrqb> GeKo: oh, right, sorry!
18:14:26 <GeKo> Jeremy_Rand_Talos: sounds good!
18:14:31 <GeKo> no worries
18:14:51 <GeKo> i looked over the stickies we made in stockholm
18:15:14 <GeKo> and november and december look like there is not too much we noted tere
18:15:16 <GeKo> *there
18:15:46 <GeKo> i brainstormed a bit and came up with larger items we might want to tackle while the schedule is a bit more relaxed
18:15:52 <GeKo> that is #30570
18:16:01 <GeKo> #28325
18:16:07 <GeKo> #31660
18:16:13 <GeKo> and then there is the s27 work
18:16:25 <GeKo> and #18867 boklm is already working on
18:16:41 <GeKo> does that a) sound reasonable?
18:16:54 <GeKo> and/or b) is there somethiing i am issing here
18:16:58 <GeKo> *missing
18:17:19 <GeKo> but which we should be working on before the transition adventure starts?
18:17:57 <acat> wasn't there something for #30939, or was that next year?
18:17:58 <GeKo> (that's just for the larger chunks of work, no worries; there will be plenty of other stuff to do
18:18:12 <GeKo> like end of year fundraising)
18:18:28 <GeKo> acat: that's part of the otf proposal we try to submit
18:18:36 <GeKo> and we would work on it next year i think
18:19:03 <sysrqb> I mentioned this on the pad, but #31005 maybe something for us, too
18:19:22 <sysrqb> but I'm still working on uderstanding the scope and amount of time needed for it
18:20:19 <GeKo> well, i think we should have time to make a work plan
18:20:22 <sysrqb> and I may get a head-start on #29255
18:20:54 <mcs> It would be nice to get more contract work done before working on items where we have more freedom.
18:20:55 <mcs> I think there is a lot left to do for Sponsor 27, for example.
18:21:12 <mcs> (I don’t want us to be in a crunch near the end of a contract)
18:21:18 <GeKo> yeah, that might be smart
18:21:19 <sysrqb> +1
18:21:21 <pili> mcs: yup
18:21:23 <GeKo> pili: ^
18:21:31 <sysrqb> that was part of GeKo's list
18:21:32 <pili> definitely let's use the time to catch up on S27
18:21:44 <GeKo> might be worht figuring out tomorrow whether we can intensify tbb work
18:21:53 <GeKo> while not overly dependent on network-team speed
18:21:58 <sysrqb> but we can create a roadmap for what we can accomplish sooner
18:22:03 <sysrqb> yeah
18:22:04 <GeKo> or what the constraints here are
18:22:17 <GeKo> the meeting time unforuntately does not work for me
18:22:21 <pili> I have a rough one
18:22:22 <GeKo> (which is fine)
18:22:23 <pili> we can review it tomorrow
18:22:24 <pili> that's a rough roadmap for S27
18:22:31 <sysrqb> pili: great
18:22:38 <GeKo> good
18:23:24 <GeKo> sysrqb: could you add your other ticket to the list on the pad
18:23:40 <GeKo> so we have everything in one place?
18:23:55 <GeKo> if we don't have anything more on that topic that's it for me
18:24:29 <sysrqb> (adding)
18:24:39 <sysrqb> okay, anything else for this meeting?
18:24:50 <GeKo> (thanks, for some reason storm appears to be read-only right now for mw)
18:24:55 <GeKo> *me
18:25:13 <sysrqb> yeah, that happened for me too, i'm relaoding the page
18:25:24 <mikeperry> I just replied to sysrqb's questions on #31144
18:25:26 <sysrqb> hrm. that didn't help...
18:25:27 <mikeperry> GeKo: how are you on the feature review?
18:25:41 <sysrqb> thanks mikeperry
18:25:48 <mikeperry> do you need me to pick up any of that now?
18:26:51 <GeKo> i am mostly done
18:26:56 <GeKo> only firefox 68 is  missing
18:27:05 <GeKo> if you can pick this up today-ish
18:27:10 <GeKo> or tomorrow
18:27:12 <GeKo> that would help
18:27:30 <mikeperry> ok. what's the ticket to comment on?
18:27:37 <GeKo> #31591
18:28:16 <GeKo> i'll post my notes for firefox 61-67 inclusive later this week
18:28:38 <GeKo> i skimmed 68 and it does not look too bad
18:28:46 <GeKo> but it needs a closer look
18:29:49 <mikeperry> alright I'll look over it
18:29:50 <sysrqb> great. mikeperry, good?
18:29:54 <sysrqb> thanks
18:29:55 <GeKo> thanks
18:30:27 <sysrqb> okay, and with that I believe we reached the end of this meeting!
18:30:36 <sysrqb> have a good week everyone!
18:30:43 <sysrqb> #endmeeting