19:00:44 <GeKo> #startmeeting tor-browser 19:00:44 <MeetBot> Meeting started Mon Mar 21 19:00:44 2016 UTC. The chair is GeKo. Information about MeetBot at http://wiki.debian.org/MeetBot. 19:00:44 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic. 19:00:51 <GeKo> hello everybody 19:01:13 <boklm> hi 19:01:16 <arthuredelstein> hi 19:01:30 <GeKo> i can go first today 19:02:49 <GeKo> last week if fought with my internect connectivity and with a "chemspill" Mozilla release and investigated #18577 19:03:09 <GeKo> moreover, i testest and merged the pieces for #13252 we have so far 19:03:40 <GeKo> i spent time with the GSoC applications and the bulk of my time went into the esr45 feature review 19:04:07 <GeKo> i went through all the dev docs and opened tickets for (possible) issues i've found 19:04:20 <GeKo> a second pair of eyes would be helpful 19:05:28 <GeKo> i've priorizied the tickets for 6.0a5 with tbb-6.0a5 19:05:30 <GeKo> https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-6.0a5 19:05:54 <GeKo> we should discuss later if that makes sense and think about dividing the workload 19:06:29 <GeKo> this week i plan to help with the esr45 branch and might try some builds 19:06:42 <GeKo> then i start with the tbb-6.0a5 stuff 19:07:07 <GeKo> probably some GSoC stuff needs to get done and i hope to find some time for the developer doc 19:07:12 <GeKo> that's it for me. 19:10:59 * boklm can go next 19:11:13 * arthuredelstein can go after boklm 19:11:30 <boklm> This past week I helped with the unexpected new release. I converted some tests to marionette on #16009 and added support for OSX. 19:11:36 <boklm> This week I'm planning to merge my marionette branch to master to start using it. Work on #18597 and #18569. Look at the GSoC applications. 19:11:47 <boklm> That's it for me. 19:13:29 <arthuredelstein> Last week I worked on #15197. I have a full branch which I will post later today. So far I haven't been able to test the full build because of #18127. I also reviewed some of the patches for #13252. 19:14:08 <arthuredelstein> This week I will work on writing some regression tests for the #15197 branch as well as anything else needed for ESR45. 19:14:27 <arthuredelstein> That's it for me. 19:15:07 <mikeperry> I have been performing the TBB network audit. I am through the NSPR calls, and about to start on the XPCOM stuff. After that, all that remains is Android, and I think Amogh is handling that 19:15:32 <mikeperry> I found some thing that need deeper investigation, and some things that need to be preffed off or patched 19:16:01 <mikeperry> (fo example, the DOM push service appears capable of using UDP) 19:16:55 <GeKo> but that is part of service workers which are disabled in esr45, no? 19:18:12 <GeKo> but yes, we should make sure nothing is leaking even with service workers disabled 19:18:41 <mcs> what was Mozilla 19:19:00 <mcs> what was Mozilla’s reason for disabling service workers in ESR45? 19:19:21 <mcs> (too experimental?) 19:19:35 <GeKo> tha the api is likely changing too much in the near future 19:19:45 <mcs> OK. Good to know. 19:19:46 <GeKo> so, yes 19:21:02 <mikeperry> ServiceWorkers are crazy powerful. there were also some vulnerabilities related to their power allowing surprising things to happen in the browser 19:21:31 <mikeperry> we are probably going to need to stay away from them for quite a while, I think. they are very hard to analyze for the normal browser threat model, let alone ours 19:21:49 <GeKo> indeed 19:21:56 <arthuredelstein> I agree as well 19:24:56 <mikeperry> I also have a question about #13252 after everyone is done. but I think we have more updates? 19:25:07 * mcs will give an update now 19:25:15 <mcs> Last week, Kathy and I revised some of our patches for #13252. 19:25:20 <mcs> We worked on #18495 but have not found a solution yet. 19:25:28 <mcs> We reviewed the patches for #18466 and #18557. 19:25:37 <mcs> This week we will work more on repackaging FTE (advice from Python experts is welcome). 19:25:43 <mcs> We will also help GeKo with any #13252 build and signing issues that come up. 19:25:48 <mcs> This week we also plan to look at other ff45-esr tickets and triage some bugs that we have been ignoring (such as #18330). 19:25:54 <mcs> That’s all for us. 19:26:46 <GeKo> er #13252. mike had some worries similar to teor's comment 23 about write protected dirs 19:27:11 <GeKo> how bad is the current design for people having Tor Browser in /Applications? 19:27:27 <GeKo> does that fail totally? 19:27:50 <mcs> They need to have write access, same as today. Or similar to today. 19:29:02 <mcs> I guess the scenario to worry about is if someone can install in /Applications but not write there? 19:29:27 <GeKo> yes 19:29:48 <GeKo> not sure how prevalent this one is on OS X though 19:29:51 <mikeperry> yes, I am worried in particular about users who already installed in /Applications by entering their admin password, which actually gives them write access to TorBrowser.app 19:29:57 <mcs> Probably Kathy and I (or someone) should test on a Mac OS system where the logged in user does not have write access to /Applications. I am not sure how common that is though. 19:30:09 <mcs> ah, OK. 19:30:12 <mikeperry> when the update arrives with this code, it will try to create the side-by-side dir, and fail. I think this is not so good :/ 19:30:37 <mcs> I did not realize that that prompt gives them write access to TorBrowser.app. That’s bad for the new world order. 19:31:13 <mikeperry> yeah, we may need to do the ~/Library thing after all 19:31:38 <mcs> If that is even somewhat common we need to think about supporting both side-by-side as well as ~/Library or something. Ricochet does something like that. 19:31:40 <mcs> Right. 19:32:01 <mcs> I assume we do not want to only support ~/Library though. 19:32:58 <GeKo> it seems the ricochet approach as you sketched it is a fine onw 19:33:00 <GeKo> *one 19:34:13 <GeKo> is anyone else here for an status updates? 19:36:43 <GeKo> okay. let's move to the discussion phase 19:37:24 <GeKo> https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-6.0a5 contains the stuff i think we should have in the alpha for testing 19:37:40 <GeKo> (we might find more while testing, though) 19:38:44 <GeKo> mcs: i wonder if you could put the canvas and svg tickets on your plate? 19:39:10 <GeKo> that is #18599 #15640 and #18602? 19:39:42 <GeKo> i think i work on #14970 at least 19:39:48 <mcs> GeKo: yes, we were planning to take those 19:40:08 <GeKo> arthuredelstein: any preferences? 19:40:16 <mcs> (do you want to update the owner in trac or should we do it?) 19:40:28 <GeKo> go ahead 19:40:31 <mcs> ok 19:40:46 <GeKo> arthuredelstein: i think #16328 and #16998 might be worthwhile 19:41:07 <GeKo> er #16673 19:41:20 <GeKo> instead of #16328 19:41:36 <arthuredelstein> Yes, I could take those two 19:41:51 <GeKo> okay lets start with that, thanks 19:42:20 <arthuredelstein> sounds good 19:43:15 <GeKo> we can adjust the work at the next meeting if needed (if more urgent things come up) 19:43:33 <GeKo> speaking of which: when do we have our next meeting? 19:44:00 <GeKo> i guess next monday is a holiday in lots of places 19:44:13 <arthuredelstein> I might go for #16326 as well if no one else has claimed it. 19:44:29 <GeKo> yeah, good one, please do 19:44:40 <mcs> I am OK with meeting next Monday but we could also delay by a day. 19:45:05 <GeKo> i am fine with it too fwiw 19:45:23 <GeKo> but i am fine with moving it either 19:45:39 * boklm is fine with either 19:46:46 <arthuredelstein> I'm OK with either 19:47:20 <GeKo> okay. then lets keep next monday 19:48:25 <GeKo> what else do we have for the meeting? 19:49:35 <arthuredelstein> I wanted to ask about #18127. 19:49:53 <arthuredelstein> Do we have a patch that already solves the problem? 19:51:07 <GeKo> yes. 19:51:25 <GeKo> there is just the detail missing how to handle the need for sudo 19:52:08 <GeKo> mikeperry: if you have an opinion for #18127 (see my last comment) then please state it in the ticket 19:53:07 <GeKo> arthuredelstein: if you take boklm's bug_18127-v2 branches (gitian-builder and tor-browser-bundle) that should work 19:56:02 <GeKo> alright, thanks for attending this meeting *baf* 19:56:06 <GeKo> #endmeeting