17:59:51 #startmeeting tor-browser-release 04/15 17:59:51 Meeting started Wed Apr 15 17:59:51 2020 UTC. The chair is pili. Information about MeetBot at http://wiki.debian.org/MeetBot. 17:59:51 Useful Commands: #action #agreed #help #info #idea #link #topic. 17:59:52 hmm... or not :) 17:59:55 there we go 17:59:58 alright thanks pili 18:00:03 who's around for the meeting today? :) 18:00:09 I am 18:00:18 Here is the pad again: https://pad.riseup.net/p/tor-browser-release-meeting-keep 18:00:40 o/ 18:00:50 cschutijser: welcome 18:00:51 please add any discussion items or requests in the relevant sections :) 18:00:59 and we'll start in a few minutes 18:01:15 hey 18:01:20 oh 18:01:23 other room! 18:02:01 Thanks. Should I file my topic ("Tor Browser on OpenBSD") under discussion or somewhere else? 18:02:20 cschutijser: Discussion is fine :) 18:02:27 and welcome! 18:02:56 Thank you :) 18:03:19 I think we can probably start with the discussion items now 18:03:51 sysrqb: I had taken a note that we were going to do a release around now to take advantage of the new tor 0.4.3 release 18:04:03 I'm guessing that's no longer happening due to release fatigue ;) 18:04:10 and I just wanted to confirm 18:04:23 * antonela waves 18:04:32 hey antonela 18:05:41 pili: yeah. 18:05:46 i think i dropped the ball on this 18:05:55 but we need a break from releases, too 18:06:00 so that's okay 18:06:09 here o/ 18:06:31 ok, so then I have the next release on May 5 for the 9.5 stable but I think we need to review that :) 18:06:56 i think we should move that to 5/5/ 18:07:01 errh 18:07:05 15 may 18:07:10 the stable? 18:07:15 yes 18:07:18 ok 18:07:33 i need to follow up with securedrop about their testing and deployment pans 18:07:37 plans 18:07:43 for the https-e ruleset and such 18:07:51 and do we want to do another release in between to take up the new tor 0.4.3? 18:08:08 we can include that on 5/5 18:08:14 with the new ESR 18:08:19 ok, great :) 18:08:40 two weeks shouldn't make much difference :) 18:08:42 i hope 18:11:17 ok, so I now have: 18:11:21 - 2020.05.05: 9.0.10 and 9.5a12 - ESR68.8 and Tor 0.4.3 18:11:50 and 2020.05.15: 9.5 Stable and 10.0a1 - Tor 0.4.4alpha 18:12:08 sysrqb: I don't think so either :) 18:12:52 that seems good 18:13:05 and from mid May onwards are we still looking at releasing with the ESRs or do we want to try the fortnightly alpha releases experiment again? 18:13:23 to not forget about everything that comes after the 9.5 stable 18:13:52 * pili needs to extend the timeline :) 18:14:02 i think following the ESR schedule in June seems smart 18:14:12 and then we can think about releasing more often in July 18:14:53 yup, I agree 18:15:03 great 18:15:17 do we briefly want to discuss what will make it into 9.5 stable? 18:15:51 or maybe what we know will not might be easier 18:16:02 sure. you want to create a list of all features or the S27 features, in particular? 18:16:31 errors, onion-location, urlbar updates, https-e channel update 18:16:32 hmm, I think all features 18:16:35 and i think that is all 18:16:56 maybe the first three? 18:16:56 I think the S27 features are the most prominent ones for me 18:17:11 and I don't want to forget about any other nice things we may be releasing 18:18:12 https://gitweb.torproject.org/builders/tor-browser-build.git/tree/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt 18:18:13 * antonela btw if you are reading and you feel safe to try an alpha go for it https://dist.torproject.org/torbrowser/9.5a11/ 18:18:21 :) 18:18:24 :) 18:18:46 pili: i can go through the changelog and pull out all of the new features 18:18:50 maybe that will be easier? 18:19:00 sure, if it's not too much hassle 18:19:14 but maybe we don't need to list them all here and now :) 18:19:30 yeah, i can follow up with an emai 18:19:33 l 18:19:38 that may be easier 18:19:51 I think what would be nice is to check what we are planning to release and make sure that anything that people are expecting or would like to request for inclusion is missing 18:20:11 and then we can discuss the ones that are missing or any requests 18:20:33 the only feature i know we aren't sure about is onion-location 18:21:05 but the argument that "we won't know if it works until it is in a stable release" is a good argument, too 18:21:48 if we go to stable, we will need documentation 18:22:04 maybe if not too, but is another discussion 18:22:09 yeah 18:22:14 I wonder what we can do to be sure one way or another :) should we do a call for testing? 18:22:41 I'm fine if it doesn't make it in also 18:22:54 we can/should start asking our friends 18:23:00 :) 18:23:08 maybe sending an email is smart 18:23:25 pili: yes! nah is working on that 18:23:50 I can take that one 18:23:51 I can just send an email to tor-project for example 18:24:00 pili: awesome 18:24:04 thank you! 18:24:09 ok 18:24:16 anything else on 9.5 stable? 18:24:49 re: documentation we should start working on it regardless and have it ready to publish :) 18:25:05 yeah 18:25:09 I can work on that with ggus 18:25:12 i guess we should coordinate with ggus? 18:25:16 okay 18:25:21 thanks 18:25:29 thanks pili 18:25:51 shall we move on? :) 18:26:14 yep 18:26:19 is groot 18:26:37 cschutijser: I believe you're up now :) 18:26:45 I believe so to :) 18:26:56 hello! 18:27:03 I was asked to join this meeting to let all of you know what I'm doing so here I am 18:27:20 Since a couple of months I maintain Tor Browser in the OpenBSD ports tree 18:27:34 oh thanks! 18:27:44 which version number are you distributing now? 18:27:44 When I started it was stuck at 8.x, I believe. I upgraded it to 9.x and I've been keeping it up to date since 18:27:50 very nice 18:27:52 9.0.9 18:27:53 thank you! 18:27:59 You're welcome :) 18:28:18 great! 18:28:18 Now, there is one aspect that I want to work on in the future. I'll intro that by something that happened recently 18:28:43 A month or so ago a user reported that the font fingerprinting defenses were not working. And indeed, they were not 18:29:06 The reason it didn't work was the fact that the OpenBSD port of Tor Browser does not use tor-browser-build.git to build the software 18:29:32 Instead, at least for now, it takes src-firefox-tor-browser-*.tar.xz and src-tor-launcher-*.tar.xz andd it proceeds more or less as if it's a normal Firefox browser 18:30:07 And as you know the tools in tor-browser-build.git make sure, amongst other things, that the bundled fonts are actually shipped with the Tor Browser 18:30:39 So for now I have fixed the OpenBSD port by making sure the fonts are bundled and the proper fontconfig configuration is set 18:31:07 But in the long term, what I want to do is look into tor-browser-build.git and find ways to make the difference in the build procedure as small as possible 18:31:17 To prevent such bugs from happening again 18:32:02 So if I have any questions or suggestions regarding this topic, I'll let you know. I don't really have a timeline for this 18:32:27 If you have any questions or comments regarding the above or anything else, I'm happy to hear it 18:32:32 yes, plesae let us know ifyou have any questions or suggestions 18:33:14 tor-browser-build provides us with a way of reproducibly creating tor browser releases 18:33:41 but you should be able to build tor browser outside of tor-browser-build 18:34:06 but the compoonents may not match 100% 18:34:35 on the tor side, we should be careful about using custom patches within tor-browser-build and applying those during the build process 18:34:37 It is indeed true that I get a fairly well functioning Tor Browser by just taking the source tarball 18:35:11 and, we are generally careful about making changes in the git repos 18:35:19 Are there other features, besides the font fingerprinting defenses, that come to your mind right away that may not be included if I build the Tor Browser like this? If not that's ok, I'll figure it out at some point 18:35:32 but this is something we can keep in mind (and it's not something i previously thought about) 18:36:00 What do you mean in this case by the git repos? Just the tor-browser-build.git repository or some other repositories too? 18:37:07 I can imagine it also applies to the tor-browser.git repository 18:37:14 i was thinking about the tor-browser.git repo, in particular 18:37:18 yes 18:37:43 ok, I fully understand that 18:38:24 i'll review the build process 18:38:47 and can w chat about this later this week? 18:38:50 *we 18:39:06 That's OK with me 18:39:12 great, thanks 18:39:27 Although at this point in time I don't know a whole lot yet about tor-browser-build, I don't know if that would be useful? 18:40:18 whatever will be helpful 18:40:34 if you want to look at tor-browser-build more before we talk,then that is fine too 18:40:46 Alright. Well, let's indeed chat this week. We can also chat again later if necessary 18:40:53 toerhwise we can talk about tor-browser-build as well 18:40:59 yeah 18:41:03 *otherwise 18:41:08 Sounds good 18:41:24 Shall we determine a date and time later in a /query? 18:41:30 yeah 18:41:51 ok 18:41:51 sounds good 18:41:54 sounds like we are good here for now then :) 18:42:10 does anyone have any other discussion points or requests? 18:42:12 Indeed :) 18:42:16 None from my side 18:42:16 thank you cschutijser 18:43:40 All of you too :) 18:43:51 ok, I think we can end the meeting here then :) 18:43:52 thanks everyone! 18:43:53 #endmeeting