#tor-dev log

19:02:33 <GeKo> #startmeeting
19:02:33 <MeetBot> Meeting started Mon Dec  8 19:02:33 2014 UTC.  The chair is GeKo. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:02:33 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
19:02:59 <GeKo> we'll see whether mikeperry is making it to the meeting...
19:04:18 <GeKo> before we start with te usual business: I want to talk about the plan to get patches merged to Mozilla back upstrem at the end of the meeting
19:04:49 <GeKo> we only have about 8 weeks left before ESR 38 is essentially frozen
19:05:11 <GeKo> which is not much given that it includes christmas time
19:06:13 <GeKo> so anybody can think about a startegy and the most important things we want to have upstreamed by then.
19:06:24 <GeKo> *strategy
19:06:26 <GeKo> ok
19:07:17 <GeKo> my last week was mainly occupied by releasing 4.0.2 and 4.5-alpha-2
19:08:01 <GeKo> overall it worked as it should and I am especially happy how we worked together as a team:
19:08:35 <GeKo> thanks for the reviews on short notice, Mark and Kathy and thanks for the help with the incremental updates Nicolas
19:08:50 <GeKo> and thanks to Mike for being awesome as usual
19:09:03 <MarkSmith> Teamwork == good.
19:09:18 <GeKo> yes, indeed
19:10:23 <GeKo> additionally I looked at #13439 and reviwed and merged #13881 spent some time with scary timing attacks #11333
19:10:45 <GeKo> and got some order in my tickets.
19:11:55 <GeKo> next week I am currently planning to spend a bit more on #11333 investigating #13877
19:11:56 <karsten> <y
19:12:18 <karsten> (oops) asn: thanks, will take a look tomorrow.
19:12:21 <GeKo> and working on #9387 + a bit on #10125.
19:13:15 <GeKo> oh I forgot I made a patch for the ReleaseProcess as well: #13916
19:13:25 <GeKo> that's it for me.
19:14:23 * MarkSmith can go next
19:14:35 <MarkSmith> Last week Kathy and I reviewed some fixes (#9387, #13439, #13671).
19:14:48 <MarkSmith> We also did some work on #13776 and #13379.
19:15:01 <MarkSmith> For #13379, we started planning the changes that we will need to make to libmar to add support for a more secure signature algorithm.
19:15:10 <MarkSmith> It is not clear if any Mozilla engineers are actively working on the bug GeKo filed
19:15:16 <MarkSmith> (https://bugzilla.mozilla.org/show_bug.cgi?id=1105689) but in any case Kathy and I do not
19:15:21 <MarkSmith> think we have time to wait for Mozilla to solve all of their transition / backwards compatibility issues.
19:15:29 <MarkSmith> Other opinions are welcome.
19:15:37 <MarkSmith> This week we will land a fix for #13776 and continue work on a better signature algorithm for #13379.
19:15:42 <MarkSmith> We can also help with code reviews, etc.
19:15:46 <MarkSmith> That's all for us.
19:16:10 <GeKo> I don't think we should wait for Mozilla here.
19:16:24 <GeKo> They have the problem that they already have SHA1 out there
19:16:40 <MarkSmith> There is some danger we could do something incompatibe with what they eventually do… but I am not sure they will move quickly.
19:16:43 <GeKo> but we don't have to deal with that with makes it easier on our side
19:16:50 <MarkSmith> Right.
19:17:31 <MarkSmith> Kathy and I will see what we can do to solve this for us and go from there.
19:17:39 <GeKo> sounds good
19:19:13 <MarkSmith> Who is next?
19:19:17 * boklm can go next
19:19:35 <boklm> So I worked on some patches to fix #13857
19:20:21 <boklm> I also worked on the setup of the testsuite on Windows, but it's not finished yet
19:20:31 <boklm> This week I'm planning to finish the Windows testsuite setup to have it run automatically
19:20:42 <boklm> I'm also planning to add a wiki page to document better the various tests we're running to make it easier to locate them
19:20:56 <boklm> that's it for me
19:21:24 <GeKo> did you have a chance to look at the issue why the fte tests are failing so foten for some bundles?
19:21:32 <GeKo> *often
19:22:13 <GeKo> the settings test is failing due to the security slider
19:22:24 <boklm> I didn't look in details, I'll try to do that this week
19:22:36 <GeKo> as the don't disable JIT anymore in the default setting
19:22:52 <GeKo> *we
19:22:53 <GeKo> ok
19:22:54 <boklm> ok
19:24:29 <qwerty1> (why not?)
19:25:04 <boklm> qwerty1: why not what ?
19:25:15 <qwerty1> disable jit
19:26:41 <GeKo> there are services broken due to that
19:26:54 <qwerty1> ok
19:28:39 <qwerty1> is there a bug#
19:30:21 <GeKo> qwerty1: mainly #9387
19:30:35 <GeKo> who is next?
19:30:37 * arthuredelstein can go next
19:31:00 <arthuredelstein> Last week I had limited time, but I wrote a patch for #13881
19:31:18 <arthuredelstein> This week I'll try and help with #13788
19:31:44 <GeKo> qwerty1: you mean broken services? at least #13069
19:32:16 <arthuredelstein> and try to finish my unit tests for domain storage isolation, etc
19:32:35 <GeKo> yay
19:32:57 <arthuredelstein> and hopefully helping with any other merging stuff
19:33:08 <arthuredelstein> That's it for me
19:33:15 <arthuredelstein> *Mozilla merging stuff
19:36:06 <GeKo> do we have anyone from support here by any chance?
19:39:45 <GeKo> thatht probably means: "no". so the merge plan: was is realistic? what should we aim for?
19:39:56 <GeKo> we have 7-8 weeks I guess
19:40:38 <arthuredelstein> I want to focus on merging, while of course, fixing any bugs in my alpha code
19:41:24 <MarkSmith> Does anyone have the URL handy to load the relevant Mozilla bugs?
19:42:00 <arthuredelstein> https://bugzilla.mozilla.org/buglist.cgi?quicksearch=ALL%20whiteboard:[tor]
19:42:05 <MarkSmith> thx
19:42:29 <arthuredelstein> landing patches in Mozilla is tricky, though. It's difficult to predict how long each one will take.
19:44:09 <arthuredelstein> GeKo: Did you have something in mind regarding the ESR38 deadline? I suppose we can keep attempting to merge patches after that deadline as well.
19:44:27 <GeKo> arthuredelstein: if we could get your big patches for the domain isolation merged that might be good I think
19:44:40 <MarkSmith> I guess we need to balance "easy to land" vs. "will save us a lot of time later with patch maintenance/merging"
19:45:00 <GeKo> I am not sure bout the socks un/pw one though
19:45:34 <GeKo> but the other one giving a channel to the nsiprotocolproxyfilter seems promising
19:45:43 <arthuredelstein> The SOCKS one seems to require that I create an associated UI for Firefox. I am willing to do this, but not sure if that's a good use of my time
19:45:52 <arthuredelstein> from tor project's point of view
19:45:59 <GeKo> yes
19:46:10 <arthuredelstein> nsIProtocolProxyFilter is almost there, but I ran into a broken unit test that has proved tricky to fix
19:46:21 <arthuredelstein> Still puzzling over it
19:46:47 <GeKo> asking mcmanus might help he is pretty supportive
19:46:57 <arthuredelstein> True, he's extremely helpful
19:47:46 <GeKo> the other big thing we should try getting into mozilla-central is our third party isolation thing I guess
19:48:12 <GeKo> the things we have the preference for to toggle it on and off
19:49:34 <arthuredelstein> Yes. In looking at that, I think our patches may need some polishing. I see a lot of GetFirstPartyURI failures logged to browser console.
19:50:05 <arthuredelstein> For example for OCSP requests and favicons
19:50:06 <GeKo> starting with https://bugzilla.mozilla.org/show_bug.cgi?id=962326
19:51:16 <MarkSmith> The noise in the browser console is pretty bad.  mikeperry wanted all failures logged to help find problems, but maybe not so necessary now.
19:52:21 <GeKo> I wonder what Mozilla is willilng to live with here
19:52:30 <GeKo> *willing
19:53:14 <msvb-lab> MarkSmith: So without the changes Mike wanted TB console looks like regular ESR?
19:54:06 <GeKo> anyway, that are the big things I had in mind for the next weeks. not sure about smaller patches that are worth it
19:54:12 <MarkSmith> msvb-lab: I am not sure what you are asking.  Without the changes there should be no change to the logging ;)
19:54:37 <msvb-lab> Yep that was my question. I just haven't looked myself, so had to ask (that's why.)
19:55:17 <GeKo> I think my plan for the mozIThirdPartyUtils bug would be rebasing to mozilla-central and looking for someone at Mozilla's side for review
19:55:28 <GeKo> and then start addressing the review comments
19:55:40 <GeKo> not sure if that is a good approach, though
19:55:58 <MarkSmith> Looking at https://bugzilla.mozilla.org/show_bug.cgi?id=962326, I guess progress stalled because we did not find a clear owner/reviewer on the Mozilla side.
19:58:21 <atagar> http://arstechnica.com/security/2014/12/tor-privacy-service-used-in-a-majority-of-online-bank-heists-report-says/ => Nice of them to discuss wikipedia and google's special handling, and its negative consequences.
19:58:46 <arthuredelstein> I think it stalled because a review wasn't formally requested.
19:59:36 <GeKo> I agree.
20:00:14 <GeKo> So I might actually do that this week: rebase the patch and ask for review
20:00:23 <arthuredelstein> Here's my ticket regarding OCSP and favicons: https://trac.torproject.org/projects/tor/ticket/13670
20:00:41 <GeKo> we might see then what happens and whether the work we need to put into it is feasible for the ESR 38 deadline
20:00:54 <arthuredelstein> I feel like we should maybe fix #13670 before submitting to Mozilla.
20:01:05 <GeKo> ok.
20:01:13 <arthuredelstein> I would be happy to work on that, after my unit test task
20:01:40 <MarkSmith> arthuredelstein: Any idea how much effort it will take to fix #13670?
20:01:52 <MarkSmith> (I agree we should try to fix it first)
20:02:03 <MarkSmith> (before submitting to Mozilla)
20:02:31 <arthuredelstein> I don't really know. I had a quick glance and it looked a bit tricky.
20:02:44 <MarkSmith> OK
20:05:14 <GeKo> arthuredelstein: we need that anyway for Tor Browser so might be smart to look at it after the unittest.
20:05:49 <GeKo> you might put your issue with the nsiprotocolproxy unittest in the mozilla bug so others could work on it meanwhile or help debug it
20:06:01 <GeKo> so we are not blocked there
20:06:32 <arthuredelstein> GeKo: good suggestion
20:07:15 <arthuredelstein> And yes, I'll look at #13670 after the unittest
20:07:23 <GeKo> ok.
20:10:08 <GeKo> I'd actually hear mikeperry's ideas here to. So discussing this further next week might make sense
20:10:41 <GeKo> might be a way to examine the patches we have to find other ones worth trying to get into ESR 38
20:11:11 <GeKo> s/actually/actually like to/
20:11:15 <arthuredelstein> MarkSmith: Oops, didn't mean to add your CC on that ticket :)
20:11:21 <arthuredelstein> *remove
20:12:26 <MarkSmith> arthuredelstein: No problem.
20:12:45 <GeKo> ok, anything else for the meeting?
20:13:38 <MarkSmith> mikeperry said in his email: "We should have some
20:13:39 <MarkSmith> conversation about if we want to have a non-security 4.5-alpha-3 release
20:13:40 <MarkSmith> before the holdays with MAR signing and some of those other fixes that
20:13:41 <MarkSmith> didn't make it into 4.5-alpha-2, or if we want to hold off and do
20:13:42 <MarkSmith> nightly testing only."
20:13:59 <MarkSmith> But I would say until we have a fix for the signature issue (for MAR signing)
20:14:09 <MarkSmith> we need to wait on that decision / discussion.
20:14:44 <GeKo> I agree
20:15:15 <MarkSmith> I don't have anything else to discuss for now.
20:16:21 <GeKo> thanks for the meeting everybody
20:16:25 <GeKo> #endmeeting