Anti-censorship issueshttps://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues2023-12-14T08:50:00Zhttps://gitlab.torproject.org/tpo/anti-censorship/gettor-project/OnionSproutsBot/-/issues/58Improve and correct the text answering "What is Tor?"2023-12-14T08:50:00Zebanamebanam@torproject.orgImprove and correct the text answering "What is Tor?"We should improve the text answering "What is Tor?"
This is what we have right now:
![ima_2bcbb33.jpeg](/uploads/4edbba53c49ae6a336a19626b1bd1ddc/ima_2bcbb33.jpeg){width=242 height=267}
relevant file: https://gitlab.torproject.org/tpo...We should improve the text answering "What is Tor?"
This is what we have right now:
![ima_2bcbb33.jpeg](/uploads/4edbba53c49ae6a336a19626b1bd1ddc/ima_2bcbb33.jpeg){width=242 height=267}
relevant file: https://gitlab.torproject.org/tpo/anti-censorship/gettor-project/OnionSproutsBot/-/blob/main/OnionSproutsBot/plugins/dialogue.py#L102https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40312Consider rendezvous via user given proxy as a backup method2023-12-11T18:48:09ZcypherpunksConsider rendezvous via user given proxy as a backup methodConsider rendezvous via user given proxy as a backup method.
This make sense if user has a very slow(than snowflake) or expensive secret circumvention proxy, also this reduce costs and probability of that proxy get blocked because the r...Consider rendezvous via user given proxy as a backup method.
This make sense if user has a very slow(than snowflake) or expensive secret circumvention proxy, also this reduce costs and probability of that proxy get blocked because the rendezvous traffic is very small.https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel/-/issues/29Docker installation stopped working 4 days ago (after reboot)2024-03-11T17:42:37Zzfgwsi7xDocker installation stopped working 4 days ago (after reboot)My docker setup stopped working and I can no longer connect to the webtunnel:
Debian 12 6.1.0-13-cloud-amd64
Firewall (also opened on the cloud provider's firewall)
```sh
$ sudo ufw status
80/tcp ALLOW Anywher...My docker setup stopped working and I can no longer connect to the webtunnel:
Debian 12 6.1.0-13-cloud-amd64
Firewall (also opened on the cloud provider's firewall)
```sh
$ sudo ufw status
80/tcp ALLOW Anywhere
443 ALLOW Anywhere
<SSH> ALLOW Anywhere
80/tcp (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)
<SSH> (v6) ALLOW Anywhere (v6)
```
Docker processes
```sh
$ sudo docker ps
ID IMAGE COMMAND CREATED STATUS PORTS NAMES
<ID> containrrr/watchtower:latest "/watchtower" 4 weeks ago Up 20 hours (healthy) 8080/tcp debian-watchtower-1
<ID> thetorproject/webtunnel-bridge:latest "/usr/local/bin/star…" 3 months ago Up 20 hours 127.0.0.1:15000->15000/tcp, 0.0.0.0:<ORPORT>-><ORPORT>/tcp, :::<ORPORT>-><ORPORT>/tcp webtunnelBridge
[debian@jep
```
Logs (these lines keep repeating thousands of times)
```sh
$ sudo docker logs webtunnelBridge
Dec 11 17:27:22.000 [warn] Your server has not managed to confirm reachability for its ORPort(s) at <IP>:<ORPORT>. Relays do not publish descriptors until their ORPort and DirPort are reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
Dec 11 17:27:22.000 [notice] Unable to find IPv6 address for ORPort <ORPORT>. You might want to specify IPv4Only to it or set an explicit address or set Address. [59 similar message(s) suppressed in last 3540 seconds]
Dec 11 17:47:22.000 [warn] Your server has not managed to confirm reachability for its ORPort(s) at <IP>:<ORPORT>. Relays do not publish descriptors until their ORPort and DirPort are reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
Dec 11 18:27:22.000 [notice] Unable to find IPv6 address for ORPort <ORPORT>. You might want to specify IPv4Only to it or set an explicit address or set Address. [60 similar message(s) suppressed in last 3540 seconds]
Dec 11 18:43:24.000 [notice] No circuits are opened. Relaxed timeout for circuit 738 (a Testing circuit 3-hop circuit in state doing handshakes with channel state open) to 60000ms. However, it appears the circuit has timed out anyway. [19 similar message(s) suppressed in last 8520 seconds]
```
My setup steps:
1. Secure Debian server as usual
2. Follow the docs: https://community.torproject.org/relay/setup/webtunnel/ (choose docker installation)
3. Get bridge address and connect with tor-browser alpha (`sudo docker compose exec webtunnel-bridge get-bridge-line.sh`)
Tor Browser Alpha logs
```sh
2023-12-11 20:00:59.141 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
2023-12-11 20:00:59.156 [NOTICE] Opening Socks listener on 127.0.0.1:9150
2023-12-11 20:00:59.156 [NOTICE] Opened Socks listener connection (ready) on 127.0.0.1:9150
2023-12-11 20:01:00.140 [NOTICE] Bootstrapped 1% (conn_pt): Connecting to pluggable transport
2023-12-11 20:01:00.141 [NOTICE] Bootstrapped 2% (conn_done_pt): Connected to pluggable transport
2023-12-11 20:01:00.226 [WARN] Proxy Client: unable to connect OR connection (handshaking (proxy)) with <IPV6>:443 ID=<none> RSA_ID=<RSA_ID>
2023-12-11 20:01:00.229 [WARN] Proxy Client: unable to connect OR connection (handshaking (proxy)) with <IPV6>:443 ID=<none> RSA_ID=<RSA_ID> ("general SOCKS server failure")
2023-12-11 20:01:06.262 [WARN] Proxy Client: unable to connect OR connection (handshaking (proxy)) with <IPV6>:443 ID=<none> RSA_ID=<RSA_ID> ("general SOCKS server failure")
2023-12-11 20:01:06.271 [WARN] Proxy Client: unable to connect OR connection (handshaking (proxy)) with <IPV6>:443 ID=<none> RSA_ID=<RSA_ID> ("general SOCKS server failure")
2023-12-11 20:01:06.776 [NOTICE] Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
2023-12-11 20:01:30.981 [WARN] Proxy Client: unable to connect OR connection (handshaking (proxy)) with <IPV6>:443 ID=<none> RSA_ID=<RSA_ID> ("general SOCKS server failure")
2023-12-11 20:01:31.000 [WARN] Proxy Client: unable to connect OR connection (handshaking (proxy)) with <IPV6>:443 ID=<none> RSA_ID=<RSA_ID> ("general SOCKS server failure")
```shelikhooshelikhoohttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40313add a setting to change the default cloudflare plaintext dns2024-02-27T11:15:37ZpseudonymisaToradd a setting to change the default cloudflare plaintext dns
- http://eweiibe6tdjsdprb4px6rqrzzcsi22m4koia44kc5pcjr7nec2rlxyad.onion/tpo/anti-censorship/pluggable-transports/snowflake/-/blob/main/common/proxy/client.go#L145
- http://eweiibe6tdjsdprb4px6rqrzzcsi22m4koia44kc5pcjr7nec2rlxyad.onion/tpo/anti-censorship/pluggable-transports/snowflake/-/blob/main/common/proxy/client.go#L145https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-webext/-/issues/88Firefox Android support2024-02-27T11:18:30ZcypherpunksFirefox Android supportHi. 14 December, 2023 onwards, Firefox Android has now allowed all extensions to be installed on Android, as long as they are made (and marked as) compatible with it.
Could the Snowflake addon be updated to allow Android installs? Or is...Hi. 14 December, 2023 onwards, Firefox Android has now allowed all extensions to be installed on Android, as long as they are made (and marked as) compatible with it.
Could the Snowflake addon be updated to allow Android installs? Or is there any pending work before that can happen?https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel/-/issues/311 webtunnel bridge instead of two!2024-02-27T19:09:02Zcypherpunks1 webtunnel bridge instead of two!You should give at least two bridges for conflux to work.You should give at least two bridges for conflux to work.meskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40317Does Snowflake support UPnP for Ports2024-02-20T07:58:00ZcypherpunksDoes Snowflake support UPnP for PortsI have configured "-ephemeral-ports-range" for 255 Ports because my fritz.box has a restriction in port-forwarding (max 255 Ports per Forwarding). I can enable UPnP, but not forwarding everything, as other Ports should not be exposed to ...I have configured "-ephemeral-ports-range" for 255 Ports because my fritz.box has a restriction in port-forwarding (max 255 Ports per Forwarding). I can enable UPnP, but not forwarding everything, as other Ports should not be exposed to the Internet on the same Server. I believe UPnP does not yet work, or is not available on a snowflake-proxy.https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40320Let broker/bridge/probetest acme/autocert use ALPN-01 challenge2024-02-27T11:19:22ZDavid Fifielddcf@torproject.orgLet broker/bridge/probetest acme/autocert use ALPN-01 challengeAs far back as October 2022, we have messages like this in the snowflake-server logs:
```
2022/10/15 08:58:35 http: TLS handshake error from [scrubbed]: tls: client requested unsupported application protocols ([acme-tls/1])
```
The ALPN...As far back as October 2022, we have messages like this in the snowflake-server logs:
```
2022/10/15 08:58:35 http: TLS handshake error from [scrubbed]: tls: client requested unsupported application protocols ([acme-tls/1])
```
The ALPN-01 challenge is an alternative to the HTTP-01 challenge
we currently use
([broker](tpo/anti-censorship/pluggable-transports/snowflake#25345),
[bridge](tpo/anti-censorship/pluggable-transports/snowflake#25346)).
To use it, we need to:
https://pkg.go.dev/golang.org/x/crypto@v0.17.0/acme/autocert#Manager.GetCertificate
> If GetCertificate is used directly, instead of via Manager.TLSConfig, package users will also have to add acme.ALPNProto to NextProtos for tls-alpn-01, or use HTTPHandler for http-01.
Probably the easiest way to do it is to call
[Manager.TLSConfig](https://pkg.go.dev/golang.org/x/crypto@v0.17.0/acme/autocert#Manager.TLSConfig),
which "creates a new TLS config suitable for net/http.Server servers, supporting HTTP/2 and the tls-alpn-01 ACME challenge type".
Currently, we use a manually created &tls.Config in
the [broker](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/blob/98db63ad01d9d78b8cd8aad77219a3d900bfdfef/broker/broker.go#L324)
and in [probetest](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/blob/98db63ad01d9d78b8cd8aad77219a3d900bfdfef/probetest/probetest.go#L225),
and we use the tls.Config
created by http2.ConfigureServer in the
[server](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/blob/98db63ad01d9d78b8cd8aad77219a3d900bfdfef/server/lib/snowflake.go#L104)
(which configures HTTP/2 but not the necessary ALPN string).https://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/46Have Lox credential return to the client a formated bridge line2024-02-27T11:33:17ZCecylia BocovichHave Lox credential return to the client a formated bridge lineI see in my open invitation bridge line the following:
```
'{"addr":[byte array],"port":YYYY,"uid_fingerprint":XXXXXXXXXXXXXXXXXXXX,"info":[byte array]}'
```
IIRC, the info field is the PT-specific params. It might also be nice for the ...I see in my open invitation bridge line the following:
```
'{"addr":[byte array],"port":YYYY,"uid_fingerprint":XXXXXXXXXXXXXXXXXXXX,"info":[byte array]}'
```
IIRC, the info field is the PT-specific params. It might also be nice for the byte array values to be easier to be converted into strings before we're dealing with it in javascript so that it's easier to turn into a bridge line that Tor Browser will understand.
This isn't urgent, because we are only requesting obfs4 bridge from rdsys for now, but in the future we may want to distribute other transports over lox.https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40322Local LAN access through snowflake2024-02-27T11:30:44Zdreamboat301Local LAN access through snowflakeHi
I'm a little bit late to the party. I've read a report from the 37C3 about the success helping people from Iran and other countries avoiding traffic blocks.
So I installed a snowflake instance in proxmox and I was overwhelmed with t...Hi
I'm a little bit late to the party. I've read a report from the 37C3 about the success helping people from Iran and other countries avoiding traffic blocks.
So I installed a snowflake instance in proxmox and I was overwhelmed with traffic. Mostly from Iran and roughly 25 GB a day. I love it that I could be of help!
But I believe there is an issue with it.
I put the instance in its own VLAN and configured the firewall to block any VLAN traffic to and from this network.
A few times a day I get an alert in my firewall claiming that this machine wants to connect to other VLANs. First I thought it might answer broadcast messages. But the IPs it requests don't exist. E.g. 192.168.1.5 is nowhere to be seen. But these are only the visable connections. Because of the nature of Unifi I can't block access to 192.168.1.1 because it is the same as 192.168.x.1 of any VLAN. So I shut down the instance to avoid people of maybe hacking my network. There were also connections to 10.x.x.x networks.
How can this be possible, that people can access my local LAN? I thought that I'm just a bridge to the Tor network and forwarding any traffic to it. Including local LAN addresses (or blocking it).
I've done a few tests. If I access in Tor Browser the IP 192.168.1.1 it gets blocked right away. Thats fine. I created a subdomain of a domain I own and added 192.168.1.1 as an A record. Suddendly I'm able to get through. Somewhere it is blocked anyway but it looks like that it is not fully blocked.
I'm just a home user. Please have patience with me when you direct me to do something.https://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/48Lox distributor hangs and does not respond to requests2024-02-27T11:28:53ZCecylia BocovichLox distributor hangs and does not respond to requestsWhile testing the Lox distributor functions today, I noticed it sometimes gets into a bad state where it hangs indefinitely and does not respond to requests. When trying to curl the open invitation endpoint I got a 504 response:
```
$ cu...While testing the Lox distributor functions today, I noticed it sometimes gets into a bad state where it hangs indefinitely and does not respond to requests. When trying to curl the open invitation endpoint I got a 504 response:
```
$ curl -I -X POST https://rdsys-frontend-01.torproject.org/lox/invite
HTTP/2 504
server: nginx
date: Wed, 17 Jan 2024 01:21:18 GMT
content-type: text/html
content-length: 160
```
Looking at the logs, I don't see anything unusual:
```
Jan 16 23:39:16 rdsys-frontend-01 lox-distributor[1209121]: Writing context to the db with key: "context_2024-01-16_23:39:16"
Jan 16 23:41:16 rdsys-frontend-01 lox-distributor[1209121]: BridgeLine [scrubbed] no longer in bridge table.
Jan 16 23:41:16 rdsys-frontend-01 lox-distributor[1209121]: BridgeLine [scrubbed] no longer in bridge table.
Jan 16 23:41:16 rdsys-frontend-01 lox-distributor[1209121]: BridgeLine [scrubbed] NOT replaced, saved for next update!
```
The distributor responds again after restarting it.Lox Ready for Open Testing Callonyinyangonyinyanghttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyrebird/-/issues/40012Domain fronting requests don't work on some older Android versions2024-03-12T00:09:26ZPier Angelo VendrameDomain fronting requests don't work on some older Android versionsTor Browser for Android supports old versions of Android (API21, i.e., Android Lollipop).
While 13.5a3 doesn't work there because I used some NIO API that requires API26+, I've opened a MR to fix this (tpo/applications/tor-browser!894)....Tor Browser for Android supports old versions of Android (API21, i.e., Android Lollipop).
While 13.5a3 doesn't work there because I used some NIO API that requires API26+, I've opened a MR to fix this (tpo/applications/tor-browser!894).
While checking if things worked, I noticed that domain fronting requests don't (I don't get the special countries list).
As written in that MR, I tried to enable logging (I added `"-enableLogging", "-logLevel", "DEBUG", "-unsafeLogging"` as arguments), but I could get only these messages:
```
2024/01/22 10:20:23 [NOTICE]: obfs4proxy-0.0.14 - launched
2024/01/22 10:20:23 [INFO]: libObfs4proxy.so - initializing client transport listeners
2024/01/22 10:20:23 [INFO]: meek_lite - registered listener: 127.0.0.1:55852
2024/01/22 10:20:23 [INFO]: libObfs4proxy.so - accepting connections
2024/01/22 10:20:23 [WARN]: meek_lite(bridges.torproject.org:443) - closed connection: readfrom tcp 127.0.0.1:55852->127.0.0.1:48836: io: read/write on closed pipe
```
I think there might be some problems with some HTTPS certificate (at least letsencrypt had this problem a few years ago, indeed cohosh mentioned snowflake#40087. Fastly isn't using letsencrypt, but maybe they have a similar problem).
I can open bridges.torproject.org both in TBA and in the system browser, but I can't open https://moat.torproject.org.global.prod.fastly.net/ because it has a wrong certificate.
I don't think I'm using the latest version of Lyrebird, because in the last one the log file should be called lyrebird.log (I submitted a patch for that, unless I missed the log filename), but I can try to build one from a nightly build.Cecylia BocovichCecylia Bocovichhttps://gitlab.torproject.org/tpo/anti-censorship/bridge-port-scan/-/issues/8Create a debian package2024-02-15T16:41:17ZKezCreate a debian packageThe deploy process would be greatly simplified with a debian package. No more having to go through a manual build and deploy process, we could just build the package, and install it. Unfortunately, several of the go dependencies aren't p...The deploy process would be greatly simplified with a debian package. No more having to go through a manual build and deploy process, we could just build the package, and install it. Unfortunately, several of the go dependencies aren't packaged. Specifically, we're missing golang-github-pion-sdp-dev, golang-github-pion-stun-dev, golang-github-pion-webrtc.v3-dev, and golang-snowflake-dev.
I tried a custom build script instead of `dh-golang`, but it didn't go very well. I ended up getting the build working right, but not the install. I'm documenting my efforts here in case someone wants to try to pick it up in the future.
Here's the rules file I came up with. I had to install dart-sass and go manually. That's because dart-sass is not packaged, and debian's version of go is too old (1.15, needs 1.17 for the net.IP.IsPrivate method).
```makefile
#!/usr/bin/make -f
%:
#dh $@ --builddirectory=_build --buildsystem=golang --with=golang
python3 -m venv /tmp/venv
. /tmp/venv/bin/activate
curl -fsSL -o /tmp/dart-sass.tar.gz https://github.com/sass/dart-sass/releases/download/1.70.0/dart-sass-1.70.0-linux-x64.tar.gz
tar xC /tmp -f dart-sass.tar.gz
curl -fsSL -o /tmp/go.tar.gz https://go.dev/dl/go1.21.6.linux-amd64.tar.gz
tar xC /tmp -f go.tar.gz
pip install lektor pybabel
pip install -r frontend/lego/lektor-requirements.txt
env PATH="/tmp/dart-sass:/tmp/go/bin:$$PATH" bash build.sh
override_dh_auto_install:
dh_auto_install -- --no-source
```https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40327snowflake-01: Rotate snowflake-server.log2024-02-27T11:28:05ZLinus Nordberglinus@torproject.orgsnowflake-01: Rotate snowflake-server.log`/var/log/snowflake-server/snowflake-server.log` size is at 1.3G and should be rotated and compressed.
Should the process(es) writing to the file be informed somehow? Like what is done by logrotate(8) prerotate and postrotate.`/var/log/snowflake-server/snowflake-server.log` size is at 1.3G and should be rotated and compressed.
Should the process(es) writing to the file be informed somehow? Like what is done by logrotate(8) prerotate and postrotate.Linus Nordberglinus@torproject.orgLinus Nordberglinus@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/bridge-port-scan/-/issues/9Create a CI pipeline2024-02-15T16:40:54ZKezCreate a CI pipelineThis project could benefit from a CI pipeline. It would make sure that no broken builds make their way into the main branch.
PortScan is outside the tpo/web namespace, so it often gets forgotten during lego updates. A scheduled pipeline...This project could benefit from a CI pipeline. It would make sure that no broken builds make their way into the main branch.
PortScan is outside the tpo/web namespace, so it often gets forgotten during lego updates. A scheduled pipeline could update lego and attempt a build to make sure no future lego updates break PortScan.https://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/54Blocked spare or undistributed bridges2024-02-27T11:28:28ZonyinyangBlocked spare or undistributed bridgesWhen written, Lox did not consider that spare/undistributed bridges may become blocked.
In Lox's threat model, if bridges aren't distributed, this shouldn't happen. However, since rdsys is the source of truth for whether or not bridges a...When written, Lox did not consider that spare/undistributed bridges may become blocked.
In Lox's threat model, if bridges aren't distributed, this shouldn't happen. However, since rdsys is the source of truth for whether or not bridges are blocked, it's theoretically possible that a spare or undistributed bridge may be marked as blocked in a certain region in rdsys, despite that bridge not having been distributed.
In reality though, _might_ a bridge actually be marked as blocked if it hasn't been distributed (i.e., if it only exists in a spare bucket)?
One way I'm imagining this _could_ happen is if a particular block of bridges that have a common feature are blocked. We may assume, or test these bridges for reachability, and determine that they are blocked, regardless of whether or not they have been distributed. However, I think in most situations like this we would not consider these bridges as being blocked as a result of a censor blocking a bridge they learned about through Lox. In this case, we could just call these bridges `not-working` and replace them with `working` bridges rather than marking them as blocked and allowing migrations to new buckets.
If there are additional instances where bridges that are not distributed are marked as blocked though, these bridges should be handled differently. There's no point in having marked a spare bridge as blocked since it hasn't been distributed, so it should just be removed. The Lox authority currently does not include this logic, but could if necessary. Probably Lox will have to be deployed for sometime before we can definitively say whether or not there is any reason to consider this problem.onyinyangonyinyanghttps://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/55Bridge replace flakey II2024-02-27T11:25:08ZonyinyangBridge replace flakey IIThe `bridge_replace` function is flakey again after adjusting the logic to remove spare buckets first and adding the `ReplaceSuccess::Removed` option.`The `bridge_replace` function is flakey again after adjusting the logic to remove spare buckets first and adding the `ReplaceSuccess::Removed` option.`Lox Ready for Open Testing Callonyinyangonyinyanghttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40328snowflake deb runs as root, and it should do something safer than that2024-02-27T11:24:09ZRoger Dingledinesnowflake deb runs as root, and it should do something safer than thatI installed the snowflake-proxy deb (version 2.5.1-1+b3) and used "systemctl start snowflake-proxy" to tell it to start.
Now I have a proxy process running as root! Wow, I did not expect this.
Should we make a separate user and run the...I installed the snowflake-proxy deb (version 2.5.1-1+b3) and used "systemctl start snowflake-proxy" to tell it to start.
Now I have a proxy process running as root! Wow, I did not expect this.
Should we make a separate user and run the snowflake proxy as that user? Or is it secretly dropping privileges and the root part is not accurate?https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-webext/-/issues/890.7.3 rejected from mozilla2024-03-28T04:37:33Zmeskiomeskio@torproject.org0.7.3 rejected from mozillaWe got this email:
> Due to issues discovered during the review process, one or more versions of your add-on Snowflake will be disabled on addons.mozilla.org in 14 day(s). Please
> see the reviewer’s comments below for more information.
...We got this email:
> Due to issues discovered during the review process, one or more versions of your add-on Snowflake will be disabled on addons.mozilla.org in 14 day(s). Please
> see the reviewer’s comments below for more information.
>
> ********
> Details:
> - Reproducing the submitted release version based on the provided source code package and instructions failed.
>
> You can access the console output at https://paste.mozilla.org/kOCS6sFe
> Environment used for building: Node 20.10.0, npm 10.2.3 on Ubuntu 22.04 LTS x64 (10GB RAM, 6 CPUs)
>
> Please test your build in a clean environment to make sure it is reproducible. If necessary, update the source code package and/or the instructions to
> reproduce.
> Please read through the instructions at https://extensionworkshop.com/documentation/publish/source-code-submission/ .
>
> Version(s) affected:
> 0.7.3
> ********
>
> Please address the issues raised in the reviewer's notes and inquire about any unclear items. Afterwards, please upload a new version of your add-on at
> https://addons.mozilla.org/en-US/developers/addon/torproject-snowflake/versions.
>
> To respond, please reply to this email or visit https://addons.mozilla.org/en-US/developers/addon/torproject-snowflake/versions. If we do not hear from you
> within 14 day(s) of this notification, these versions will be removed from addons.mozilla.org. Current users of these versions will be unaffected.Cecylia BocovichCecylia Bocovichhttps://gitlab.torproject.org/tpo/anti-censorship/lox/-/issues/57Create a detailed workflow for investigating and responding to blocked Lox br...2024-02-26T17:32:10ZonyinyangCreate a detailed workflow for investigating and responding to blocked Lox bridgesThough automating the detection of blocked bridges has been a [long term goal](https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40035), discussed [here](https://gitlab.torproject.org/tpo/anti-censorship/rdsy...Though automating the detection of blocked bridges has been a [long term goal](https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issues/40035), discussed [here](https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/112) as well, we should have a detailed workflow for how we will handle getting reports of blocked bridges, how often we will manually update bridge statuses for Lox bridges and who will be responsible for these updates during our test deployment.Lox Ready for Open Testing Callonyinyangonyinyang