15:01:49 #startmeeting S27 04/02 15:01:49 Meeting started Tue Apr 2 15:01:49 2019 UTC. The chair is pili. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:01:49 Useful Commands: #action #agreed #help #info #idea #link #topic. 15:02:01 who else is here? 15:02:05 <- 15:02:47 * mcs is also here 15:03:06 anto is giving a talk so she won't be around 15:03:12 david is away 15:03:18 i guess we all here? 15:03:22 gaba? 15:03:25 Hello all. Happy to be here again. 15:03:50 btw who is gonna be the PM? both you and gaba? 15:04:00 hey 15:04:01 double PM action? 15:04:08 not sure we haven't really discussed :D 15:04:08 lol 15:04:09 T_: o/ 15:04:15 ok 15:04:22 sounds good to me 15:04:42 my feeling is that we will both do it but concentrating on our team's deliverables 15:04:47 but I'm open to other ideas :) 15:04:48 ah 15:04:54 ok makes sense 15:05:23 ok so what we doing? 15:05:26 we did a pretty good pre-meeting 15:05:32 so, the pad is here: https://storm.torproject.org/shared/SVpfhg7GIEttH2rgwCYrA-JfXdD-a5MZYxe3-btlutV 15:05:46 everyone's done a great job of doing some initial triaging 15:05:52 now we need to start adding some dates 15:06:11 just for background, so everyone is aware, we can invoice for deliverables as we complete them 15:06:13 oh like actual roadmapping 15:06:21 and we have to write montly reports on the work that we are doing towards the deliverables 15:06:31 ok 15:06:49 in the network team side we need to look a little at capacity to be able to get dates on tickets 15:06:58 maybe we don't need to map out the whole roadmap today, but would be good to have an idea of what we can work on in the next 3 months (for example) 15:07:03 right. im still assigned for s31 stuff for this month. 15:07:46 asn: i need to look at that and then we need to talk on how to clon you :P 15:08:17 ok if i can keep both pieces after the sponsor is done. 15:08:22 ok, so maybe the first question is how likely is it that there will be any work on deliverables done this month :) 15:08:34 pili: if i'm not on s31 there will be work from me 15:08:49 i think for network-team we should start with O1A1.1 and O1A2 15:08:59 for the first 3 months 15:09:08 ok 15:09:12 and leave O1A1.2 (onionbalance) for later 15:09:27 because for onionbalance we know how to do it. we have plans. we just need to do them. 15:09:40 for O1A1.1 and O1A2 we still need to figure out stuff, like debug etc. 15:09:44 asn: we should figure out where we are blocked on you 15:09:47 it makes sense 15:09:48 and take that into account 15:09:49 GeKo: yes! 15:10:09 for instance we probably can't work on o2a2 15:10:20 until things are fixed in core tor 15:10:39 should we discuss this now? 15:10:42 (im fine with discussing it now) 15:10:45 I think so 15:10:47 not necessarily 15:10:52 ok 15:11:01 so there will need to be some net-team guidance on all the obj2 deliverables 15:11:11 yes 15:11:14 well, we know that if we're reliant on o2a2 and the network team won't work on that in the first 3 months we also can't 15:11:21 we = browser-team 15:11:22 yes 15:11:29 right 15:11:30 so what can we do instead 15:11:33 i am fine with that fwiw 15:11:37 but another approach would be for net-team to de-block the tbb team asap 15:11:40 right 15:11:46 asn: yep 15:11:48 so that tbb team can race forward 15:12:17 so perhaps until dgoulet comes back i can work on obj2? 15:12:20 asn: any reason why net team can't start on that? 15:12:23 ok, sounds like a plan 15:12:25 pili: we can def start with that 15:12:42 great! 15:12:47 there might be as well things needed for good alt-svc support 15:12:50 one argument for starting O1A2 soon would be because there is a DoS happening right now, so extracting as much info as possible right now, would be a good thing 15:12:51 o2a3 15:13:02 GeKo: ye 15:13:18 should we go through all the obj2 deliverables? 15:13:22 from top to bottom? 15:13:27 and see what is needed from net team? 15:13:29 sure 15:13:36 ok great 15:13:43 is this a good thing to do now? 15:13:44 i think we are good re o2a1 15:14:02 yup 15:14:04 ok 15:14:07 asn: let's do it 15:14:16 ok so o2a1 15:14:25 yes i think if you manage to get v3 client auth working 15:14:29 you should be able to do everything 15:14:45 yes 15:14:50 and use the net-team for questions when you fail to get v3 client auth working 15:15:01 it's heavily underdocumented and potentially buggy 15:15:07 due to its underutilization 15:15:09 i mean all the v3 client auth things should be there though 15:15:12 afaict 15:15:15 yes 15:15:19 they are implemented 15:15:22 good 15:15:39 ok 15:15:42 onwards 15:15:44 o2a2 15:15:57 15:11 < pili> well, we know that if we're reliant on o2a2 and the network team won't work on that in the first 3 months we also can't 15:16:00 we are blocked here if we go with the strategy in the bug 15:16:09 let me see the bug 15:16:12 *outlined in the bug 15:16:42 23545 ? 15:16:45 #23545 rather 15:16:54 yes 15:17:06 ok so the plan is for tor to do the checking and inform tbb 15:17:10 yes 15:17:19 i think that's still a good ida 15:17:22 ok so there is some work to be done here 15:17:22 *idea 15:17:27 im not sure how to inform tbb 15:17:32 and it seems like that's where the thing is blocked 15:17:38 doing the actual check is not so hard 15:18:00 ok there is a bit of an interface thing to figure out 15:18:07 yep 15:18:08 and then the implementation should be "straightforward" 15:18:15 i think this might be 3 points for the net-team 15:18:31 and a bit of discussion with you guys to figure out the ideal interface 15:18:41 agreed 15:18:43 so, do we want to discuss the interface now? 15:18:44 or leave that for another time/meeting? 15:18:48 leave it for anothe rtime 15:18:49 i'd say 15:18:51 Roughly what unit corresponds to one point? 15:18:52 leave that for another time 15:18:53 ok, works for me 15:18:57 mcs: day 15:19:06 asn: thx (that was my guess) 15:19:15 ok so we can continue discussion over trac 15:19:22 asn: +1 15:19:32 onwards to o2a3? 15:19:38 yup 15:19:43 yup 15:20:02 ok so there is some alt-svc stuff to be done there 15:20:05 this is pure tbb-team 15:20:15 e.g. prioritize onions and display circuit 15:20:32 and by tbb-team i mean also UX team :) 15:20:37 * asn imbecile 15:20:41 yep. you might want to update your onion-location proposal as well 15:20:50 right and then we have the onion-location thing 15:20:55 which we....probably want to do? 15:21:04 i think so 15:21:23 along with the onion-locationm thing, there are various UX improvements that anto has been thining about 15:21:30 on how to ask the user, etc. 15:21:34 yup 15:21:40 and potentially some of these UX improvements should also be done in alt-svc? 15:21:47 not the ask thing, but maybe something to inform of the redirection 15:21:50 dunno 15:21:57 so... any dependencies on net-team here though? 15:22:24 yes, probably some alt-svc work 15:22:35 and the onion-location proposal 15:22:39 but not that much 15:22:44 and we could start working on stuff 15:22:45 what happens if tbb-team inherits onion-location proposal? 15:22:46 for the UX improvements the UX team needs guidance from tbb team also on what can be implemented 15:22:56 i.e what is a -must from the tbb side 15:22:59 asn: we could do that 15:23:13 what alt-svc work is related to net-team? 15:23:43 i heard cf had maybe some bugs that we need to fix in order to provide a good experience? 15:23:48 oh 15:23:52 hmm 15:23:54 they are not -musted 15:24:06 is it the prioritize thing? 15:24:07 hm 15:24:08 do we have a list of those bugs? 15:24:21 brb 2 mins phone sorry 15:24:44 (let me try to see if I can find out myself) 15:25:10 asn: we might be able to do our work without those things fixed 15:25:15 but i am not sure yet 15:25:35 there is a "optimally support this experience" item :) 15:25:47 which seems to set the bar high 15:26:25 back 15:26:28 hm 15:26:32 it could be, though, that those alt-svc things are not client facing 15:26:45 and then we would not need them 15:26:50 but i am not sure here either 15:26:50 is there a ticket? 15:26:59 I'm trying to find something 15:27:12 i did not file any 15:27:44 if nothing jumps out right now i am fine keeping this just in mind 15:28:00 and start doing things here if we suddenly need to 15:28:00 right 15:28:03 ok 15:28:04 sounds good 15:28:14 perhaps you can shoot an email to fb/cf? :) 15:28:20 or i can do it 15:28:21 yeah, I can't find anything 15:28:26 also will shackleton is using alt-svc 15:28:33 and he is on top of his game, so maybe he knows what's up 15:28:42 maybe there's something in the mexico notes 15:29:31 ok, shall we move on for now? 15:29:32 maybe https://twitter.com/arthuredelstein/status/1042194259368013825 ? 15:29:34 dunno 15:29:49 ok let's move on 15:29:52 and have this in mind 15:30:00 it seems like the tor browser team can start work on this independently of network team 15:30:05 should i assume that net-team is not gonna be needed here, except for reviewing proposals etc.? 15:30:10 asn: i think that#s on our radar 15:30:19 asn: i think that's okay for now 15:30:20 ok great 15:30:24 let me know if something changes 15:30:44 o2a4 15:30:51 ok o2a4 15:31:21 ok so o2a4 is 3 pretty random tickets 15:31:37 we might need better error messages from tor's side for onion service issues 15:31:40 #19251 is very UX-heavy and a bit of tbb 15:31:42 GeKo: riiight 15:31:53 but that's allfor the ticket it hink 15:32:01 well there is also some ssl stuff 15:32:04 as -must 15:32:08 #27636.onion indicator for non-self-signed but non-trusted sites 15:32:12 #13410: Disable self-signed certificate warnings when visiting .onion sites 15:32:14 (wrt network-team blocking) 15:32:15 ah right 15:32:20 ok yes 15:32:47 i remember talking to dgoulet about that in rome and iirc we came up with some ideas 15:33:00 ok right now i dont know if tor exposes enough info to debug failed conns 15:33:42 e.g. figure out whether the issue is in the hsdir side, the intro side, the rend side, etc. 15:33:53 we should figure out the interface we want here (i.e. the errors we want to show) 15:33:58 and then see if we can derive them somehow 15:33:59 so, we need better error messages from tor to surface to the user in a friendly manner? 15:34:03 yeah 15:34:08 yes 15:34:14 and the browser team is potentially blocked on that 15:34:15 ok 15:34:20 ok there is a bit of blockage here 15:34:22 just that part 15:34:27 how much blockage depends on what is needed to surface 15:34:34 ideally we should surface as much as possible 15:34:42 so that the error can be helpful 15:35:09 ok let's assume some blockage here. 3 points again. 15:35:17 i will start by thinking about the interface 15:35:22 and see how much info is exposed 15:35:25 and then we can discuss what is needed 15:35:49 i dont even know how these errors are currently propagated so i will need a bit of discussion with the browser team to figure this out 15:36:10 wfm 15:36:17 ok great 15:36:20 anything else on this? 15:36:31 nzh 15:36:32 nah 15:36:43 last one then o2a5 :) 15:36:45 ok great 15:36:48 this one is a bit more involved 15:37:22 hmmm 15:37:35 so we need to start this by getting in touch with bill from eff, and jenn from securedrop 15:37:38 we should break it down a lot 15:37:41 right 15:37:41 the question is who is working on the https-e changes 15:37:41 yes 15:37:48 yeah 15:37:52 and what are the https-e changes 15:37:56 because it's likely that there are not many 15:37:57 yep 15:38:06 i think https-e already supports onions in its backend 15:38:10 so the changes are mainly gonna be UX/UI 15:38:28 that is, UI changes to make it clear what's going on and assist the community into developing rulesets and whatnot 15:38:43 this sounds like something we will probably not work on in the first 3 months though, other than getting in touch with bill and jenn to start coordinating work 15:38:44 yep 15:38:49 pili: right 15:39:00 getting the conversation going during the first 3 months is useful tho 15:39:06 asn: yup, definitely 15:39:19 we should get in touch asap 15:39:28 ok i can do that 15:39:46 i can get these emails flying this month 15:39:52 asn: great 15:39:53 thx 15:40:10 and that's the whole game 15:40:23 maybe there should be an email list where the HTTS-E discussions take place? 15:40:29 or maybe we can use an existing list 15:40:33 existing list i'd say 15:40:40 maybe tor-dev? maybe https-e? 15:40:41 maybe tor-onions? 15:40:43 we have a few 15:40:59 so, looking back on the discussion above, it seems like the most helpful thing for the network team to unblock for us first would be o2a2 15:41:08 right 15:41:16 with the others being less critical as we can both work independently on some aspects of it 15:41:21 until david comes back i can work on o2a2 o2a4 and o2a5 15:41:38 assuming i dont have s31 stuff to do 15:41:51 if i have s31 stuff to do i will still try to be useful on o2a2 15:41:54 I think it's probably ok to just concentrate on o2a2 for april 15:42:03 aight 15:42:04 and not impact your s31 stuff, but gaba can comment further on that :) 15:42:13 kk 15:42:44 GeKo: does that work for the browser team? 15:43:21 you mean working on o2a2 in april? 15:43:33 or that the network-team is working on that in april? 15:44:04 that the network team is working on that and also what we can work on for S27 in April 15:44:25 we can work on it as soon as tor browser 8.5 is out 15:44:26 I don't see any S27 tickets for April for browser team atm 15:44:41 ok 15:44:52 or pmore precisely as soon someone who is supposed to work on s27 is not blocked on 8.5 tasks anymore 15:45:13 so, i think, yes, working on s27 in april is doable 15:45:32 i am not sure yet we should start with o2a2, though apart from helping the network team helping us 15:46:09 GeKo: yup, that's fine, probably makes sense to work on other S27 tickets until we're no longer blocked on network team 15:46:11 i am inclined to just go ahead with o2a1 and get this done before we need to switch to esr transition work 15:46:21 ok, cool 15:46:30 as this has been a long-standing request 15:46:35 and is nice and self-contained 15:46:42 we need to do some estimation on that, which I'm super behind on :/ 15:46:57 i wonder if o2a1 will require net-team work to inform that a website needs client auth 15:47:18 we'll find out soon enough i guess :) 15:47:19 i remember this was an issue with the v2 design that arthur was trying to do 15:47:28 ack 15:47:41 GeKo: for o2a1 I assume we'll also need to have an onion service with client auth to test against 15:47:58 and this will involve some work on our side if we don't have it already 15:48:01 yes, but that's not that hard to set up 15:48:16 ok, cool 15:48:42 what else? 15:48:57 if we are done with objectivs and activities for now 15:49:00 we can discuss the next meeting 15:49:30 i'd suggest we do another meeting next week so that antonela is also present, and then skip it for two weks until the end of april so that david is also present 15:49:40 sounds good 15:49:43 +1 15:49:48 because we have figured out interactions between net team and tbb team 15:49:51 I think GeKo and I will also be afk anyway 15:49:52 +1 15:49:54 but we have not figured out interactions of ux team 15:50:11 so, I spoke with antonela and she's happy to follow browser team lead on this 15:50:26 i.e whatever the browser team is ready to implement we can work on also 15:50:43 (if that makes sense) 15:50:46 it does :) 15:50:47 as in, there's no point in UX team working on something if there's no one to implement on browser side 15:51:00 cool 15:51:04 what do you mean? 15:51:35 anto is picking up the stuff that the browser team picks up first 15:51:57 also, UX team will need guidance from browser team on what are s27-must tickets for UX team 15:51:58 IMO there is some discussion to happen about the UX side of all the o2 activities 15:52:13 yes, that's true 15:52:43 ok, let me flip this around then, is there any network team activity that requires UX team input? 15:52:43 but the point was regarding when things get done ux will follow browser 15:52:45 so ideally the plan should allow some time for discussion with the UX team before plugging it into the tbb 15:53:00 pili: no 15:53:01 *when* i meant 15:53:12 asn: yes, that will def happen 15:53:19 ok great 15:53:54 sounds good then 15:55:05 i guess we done here for this week? 15:55:18 ok, going back quickly to meeting schedule, next one would be on 04/09 and the following one on 23rd? or 30th April 15:55:29 sonds good 15:55:33 23rd might work for david 15:55:34 also, next week is the monthly Mozilla sync at the same time 15:55:39 so we will need to move it... 15:55:46 aight 15:55:51 put it an hour later? 15:55:52 16:00UTC? 15:55:55 (at least according to my calendar) 15:56:06 GeKo: is that what you have also? 15:56:39 hm 15:56:42 an hour later wfm but we should check with gaba also and antonela 15:56:43 and GeKo :D 15:56:55 1600utc does not work for me very well 15:56:59 aight 15:57:07 I will send out a doodle 15:57:17 I think that will be easiest (hopefully) 15:57:24 maybe we can do it wednesday 15:00UTC? 15:57:24 i don't have a calendar, so not sure if that's at the sane time :) 15:57:31 same time as today but +1 day 15:57:34 *same 15:57:43 * asn trying to avoid the doodle tax 15:57:56 gaba and I can't do that :( 15:57:59 ack 15:58:02 ok doodle it is XD 15:58:11 sorry, I hate the doodle tax also 15:58:50 ok any last comments? 15:59:00 i am fine 15:59:11 me too 15:59:13 thanks 15:59:14 thanks for the comment 15:59:15 was very good 15:59:19 ehm 15:59:22 comment -> meeting 15:59:23 Thanks all. 15:59:24 sorry brain fried 15:59:27 lol, thanks everyone 15:59:30 #endmeeting