18:01:27 <donuts> #startmeeting Tor Browser Release Meeting 2022-08-08 18:01:27 <MeetBot> Meeting started Mon Aug 8 18:01:27 2022 UTC. The chair is donuts. Information about MeetBot at http://wiki.debian.org/MeetBot. 18:01:27 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic. 18:01:31 <donuts> we're GO 18:01:40 <donuts> let's update the pad first 18:01:43 <richard> i'm a signing 12.0a1 literally RIGHT NOW 18:02:24 <donuts> RIGHT NOW!? 18:02:28 <richard> si 18:03:29 <donuts> so release some time in the next few days? 18:03:35 <richard> ideally tomorrow 18:03:40 <donuts> nicceeeee 18:03:54 <richard> apple signing seems to be going smoothly which historically is the sketchiest one 18:04:37 <richard> I've marked in the calendar esr102-based alpha for end of aug/start of sept 18:04:45 <richard> but we'll see where we are when we get there 18:05:01 <richard> kind of depends on what reproducibility issues we discover in the coming weeks 18:05:39 <donuts> i see you estimated 12.0 for November 15th 👀 18:05:49 <richard> yolo 18:05:51 <donuts> wait no 18:05:52 <donuts> 22nd 18:06:22 <donuts> sounds good to me, probably don't want to leave it any later otherwise we'll start to run into bug fixing during the holidays 18:06:30 <richard> if we can get 102 alpha out for 12.0a2 then that should give us 3 102-based alphas 18:06:37 <donuts> and nobody wants a bugmas 18:06:41 <richard> yeah ikr 18:07:11 <richard> i would very much like us to not to think about tor-browser over the holidays 18:07:25 <donuts> lol yes 18:07:58 <donuts> what alpha will the first esr 102 build be on? 18:08:09 <richard> tentatively 12.a2 18:08:18 <richard> 12.0a2* 18:08:19 <donuts> oh awesome 18:08:32 <donuts> hopefully things are a little easier this year :D 18:08:32 <PieroV> I think more 12.0a3 18:08:36 <donuts> right 18:08:48 <PieroV> If we want to release 12.0a2 based on 91.13 18:09:20 <PieroV> (around aug 25) 18:09:53 <donuts> is that the last scheduled esr 91 update by mozilla? 18:10:02 <PieroV> Yes 18:10:05 <richard> yeah 91.13 is the last one 18:10:17 <richard> so subsequent stables will need to take 102 backports for anything important 18:10:19 <donuts> right, and then it's backporting security fixes for the foreseeable? 18:10:21 <donuts> yep 18:10:21 <donuts> cool 18:10:48 <richard> i think that if we *can* do esr102 for 12.0a2 we should do it 18:11:00 <richard> but not bend over backwards to get it working if it just isn't there yet 18:11:12 <donuts> do you think we should hop on an earlier esr next year? 91 -> 102 didn't leave us a lot of time 18:11:42 <richard> i'd like to have as many alphas as possible on esr102 so we can catch issues early and ensure happy holidays for everyone involved :p 18:11:48 <donuts> yeah, agreed 18:12:02 <PieroV> 102 is already there 18:12:05 <PieroV> But without audits 18:12:12 <PieroV> (and the Rust problem) 18:12:36 <richard> we don't know about reproducibility yet though right? 18:12:45 <PieroV> Oh well, and not an esr, but the latest 102 from the rapid release 18:13:15 <PieroV> richard: yep, you're right on this, but I think we'd like to solve all the toolchain problems, first? 18:13:45 <richard> yes, I just meant it's one more unknown re '102 is already there' 18:15:03 <richard> next year we can probably hope onto the migration a month earlier 18:15:22 <richard> as soon as the rapid-release tags are there 18:15:44 <richard> this year was a bit hard w/ the 11.5 and hiring and everything 18:15:50 <PieroV> even the beta tags? 18:16:18 <richard> yeah whichever is reasonable 18:16:30 <PieroV> wfm 18:16:42 <richard> but that's a problem for next spring 18:16:48 <richard> or summer 18:17:57 <donuts> yeah 18:18:06 <donuts> okay, that sounds fine 18:18:09 <donuts> well 18:18:12 <donuts> maybe 18:18:18 <richard> perhaps 18:18:19 <donuts> when were the beta tags available? 18:18:52 <PieroV> I think around the same time 101 was stable 18:19:04 <richard> May ish 18:19:18 <PieroV> yeah, mid May at the latest, maybe? 18:19:46 <donuts> that still doesn't leave a lot of alphas between beta and EOL for the current ESR to be honest 18:20:03 <donuts> even if we did it all perfectly and by the book 18:20:37 <donuts> releasing 12.5 sooner last year would help though 18:21:00 <donuts> er 18:21:02 <donuts> next year i mean 18:21:22 <richard> yeah 18:21:37 <richard> still two alphas isn't that bad either 18:23:30 <donuts> okay that's it for discussion items from my pov 18:23:34 <donuts> anything else anyone would like to discuss? 18:23:41 <PieroV> Anything about Android? 18:23:48 <donuts> we have an android app? 18:23:54 <richard> happyily it looks like the tor meeting slides right between release work, so that's nice :p 18:23:57 <richard> we do! 18:24:02 <PieroV> We have a MR for tor-browser-build for Android 102 18:24:10 <donuts> awesome! 18:24:27 <PieroV> I've already built it and it passes the usual qa we do for builds 18:24:38 <richard> the plan going forward is a single android+desktop branch in tor-browser right? 18:24:53 <PieroV> Yes, but this MR still has its own branch 18:25:14 <PieroV> (I keep forgetting comparing the preferences, will do before merging tor-browser!337) 18:26:09 <richard> well that's just great 18:26:25 <PieroV> I guess that we're skipping this Android alpha 18:26:38 <PieroV> Unless we want to do a deferred 12.0a1 or an Android-only alpha 18:26:41 <richard> yeah no 12.0a1 Android, but yes for 12.0a2 18:27:01 <richard> I'm planning on just keeping the version numbers in lock-step going forward 18:27:02 <PieroV> Yes for sure, or yes only if 12.0a2 is 102 also for desktop? 18:27:24 <richard> 12.0a1 Desktop, 12.0a2 Desktop+Android 18:27:31 <richard> so the first android alpha will be 12.0a2 18:27:37 <richard> I'm sure it's fine 18:28:04 <PieroV> Okay, but my question was: if for any reason 12.0a2 desktop is 91.13 instead of 102, are we pushing Android back to 12.0a2? 18:28:10 <PieroV> *12.0a3 18:29:11 <richard> hmm, no I think it's fine to do esr102 for android, and 91 for desktop 18:30:10 <richard> Pierov: I'll get your Mrs reviewed and let's try and verify reproducibility around thurs/friday this week? 18:30:17 <richard> MRs* 18:30:38 <PieroV> I don't have one for desktop yet, 'cause I'm basing on my Android batch 18:30:41 <PieroV> branch 18:30:59 <PieroV> But otherwise works for me 18:31:02 <richard> then we'll check android only then :) 18:31:18 <richard> cool cool 18:31:20 <PieroV> Most of the desktop is ready though :) I have the branch, not the MR 18:32:17 <richard> exciting and terrifying times ahead 18:32:39 <donuts> when do you think we can start looking into bug fixes for android again? 18:32:43 <PieroV> yeah 18:33:09 <PieroV> donuts: I think we should crete a plan for which bugs we want to fix first 18:33:25 <richard> yeah 18:33:26 <donuts> we have issues open for two priority bugs atm 18:33:31 <PieroV> I'd love if Dan could start working on the very-Androidish ones 18:33:34 <donuts> I think they're both in the next column 18:33:36 <donuts> I'll check 18:33:37 <PieroV> I can take GV ones 18:34:07 <donuts> https://gitlab.torproject.org/tpo/applications/fenix/-/boards 18:34:35 <PieroV> Fenix are the more-Androidish ones 18:34:46 <richard> the s22 device-specific rendering one? 18:34:47 <donuts> err, okay, the board isn't super helpful 18:34:48 <donuts> https://gitlab.torproject.org/tpo/applications/fenix/-/boards 18:34:49 <PieroV> (probably) 18:34:54 <donuts> yeah the S22 one was the second priority 18:34:58 <donuts> let me find the first... 18:35:04 <richard> maybe the 23247 regression? 18:35:18 <donuts> wait nope S22 is the top priority, richard is correct 18:35:27 <PieroV> I think we get constant requests for the automatic bootstrap 18:35:36 <PieroV> So that TBA can be set as default browser 18:35:42 <PieroV> And HTTPS-Only is also very high priority 18:35:59 <donuts> we should do HTTPS-Only first, yep 18:36:13 <richard> i think https-only should happen first, given the planned convergence of desktop and android 18:36:22 <PieroV> I wonder if we get it for free by using desktop's preferences 18:36:59 <richard> i would assume so, though i have no idea about how about:rulesets would work on android, and we also need to rip out https everywhere from android too 18:37:15 <richard> ripping out the extension is easy enough to do I'm sure 18:37:17 <PieroV> richard: I think .securedrop.tor.onion doesn't work on Android atm 18:37:31 <richard> yeah you're right 18:37:42 <PieroV> richard: nope, there's some patch on the Java side to force-load extensions 18:37:57 <PieroV> So we must remove also that code to remove HTTPS-E 18:39:05 <richard> we can plan to hand these tickets off to dan_b then 18:39:27 <richard> probably start with the other 23247 regression we have on Android to get him started w/ Android 18:39:28 <PieroV> Okay, they could be very good to get started 18:39:51 <richard> we should probably plan to get budget for some galaxy s22 device(s) too 18:40:06 <donuts> 34066 18:40:08 <donuts> er 18:40:10 <PieroV> And for a m1 mac? :D 18:40:11 <donuts> excuse me 18:40:14 <donuts> https://gitlab.torproject.org/tpo/applications/fenix/-/issues/34066 18:40:28 <donuts> does this mean the tor.onion redirects aren't currently a thing on android? 18:40:32 <PieroV> (I saw that an m1 mac mini is cheaper than I expected - I found one for less than 700€) 18:40:38 <richard> they are not a thing on android atm 18:40:44 <donuts> oh well that's good 18:41:27 <richard> lol yes 18:41:28 <donuts> well it's not good for feature parity 18:41:29 <donuts> but ya know 18:41:58 <donuts> whats the 23247 regression? 18:42:21 <richard> tor-browser#23247 18:42:28 <donuts> ahhhhh yes 18:42:33 <donuts> that was indeed the other one i was thinking of 18:42:36 <donuts> ty ty 18:42:40 <richard> we've a regression on desktop that dan_b is looking into now, and there's another possibly related on Android 18:43:18 <donuts> yep, I know what you mean 18:43:34 <richard> tor-browser#41087 18:43:48 <donuts> aha right it's in tor-browser, not fenix 18:44:14 <donuts> they do indeed show the broken padlock 18:44:18 <PieroV> We should probably move all the relevant issues and disable the creation of new ones for other projects 18:44:38 <donuts> wdym pierov? 18:44:49 <PieroV> move everything from Fenix to Tor Browser 18:44:55 <PieroV> And from Android components to Tor Browser 18:44:56 <richard> agreed 18:45:16 <PieroV> And disallow the creation of new issues on any other project, except for tor-browser-build 18:45:22 <richard> i don't *think* you can disable create of issues thoug (at least i couldn't figure it out for torbutton and tor-launcher) 18:45:33 <richard> though i would love to be wrong on that 18:45:47 <richard> the other one: tor-browser#41075 18:45:48 <donuts> ah right I see 18:45:53 <donuts> yeah, that would make things easier 18:46:07 <donuts> you could restrict issue creation to project members i think 18:46:08 <PieroV> I think you may need to disable issues completely, but I expect that'd break existing links 18:46:19 <richard> mmhm 18:48:02 * donuts is updating the pad... 18:50:00 <donuts> okay done 18:50:40 <donuts> i like the idea of moving all issues to tor-browser a lot tbh 18:50:58 <donuts> pierov: will you need an M1 mac long term? or just until we have stable ARM builds for Mac? 18:51:13 <PieroV> Nah, I don't think I'll need one 18:51:17 <PieroV> Only if we get nasty bugs 18:51:28 <richard> yeah that^ 18:51:35 <PieroV> And there's some people that rents remote macs 18:51:38 <donuts> ah okay 18:51:59 <donuts> I was thinking that if it's temporary, we could get a macbook and send it off to a new owner once you're done with it 18:52:03 <donuts> quite a few of the ops people are on mac 18:52:11 <donuts> and i'm sure there are machines needing replacement soon 18:52:21 <PieroV> I don't think it's a good idea 18:52:45 <PieroV> Getting things from US to EU needs either paperwork or money 18:53:12 <donuts> ah yeah true, it would probably be easier to ship it within the EU 18:53:15 <PieroV> Like paying the VAT (around 20%, 22% in my country) 18:53:24 <donuts> in any case we can ask Sue what's needed 18:53:31 <PieroV> Yes, within the EU is much easier 18:53:53 <PieroV> Yeah, but I think that boklm may need one, if he hasn't already 18:54:45 <donuts> cool, we can def get that approved :D 18:54:57 <richard> phones macs and signing machines 18:55:00 <richard> so many hardware requests :p 18:55:13 <donuts> ha yes, but it's all in the name of ~stability~ 18:55:22 <richard> i mean 18:55:39 <richard> yes 18:56:20 <donuts> if it makes you feel any better I'm using my own macs, although I got an Android from TPI 18:56:47 <richard> i ain't go no worries 18:56:50 <donuts> if we start traveling again I'm gonna have to request something new though 18:56:58 <donuts> the brave little macbook isn't doing too well these days 18:57:08 <richard> god i know the feeling 18:57:21 <richard> my poor thinkpad is v sad when it has to do anything 18:57:28 <donuts> haha yess 18:57:35 <PieroV> I'd also need a new laptop, but I think I cannot ask TPI :/ I wanted a framework, but they still don't ship to the old country :( 18:57:42 <donuts> my macbook is leaving red marks on my lap when it tries to load a gif these days 18:58:04 <donuts> luckily i have the green machine when i'm at home though 18:58:56 <donuts> woops look at the time 18:59:01 <donuts> #endmeeting