|
|
STATUS COLOR CODE:
|
|
|
|
|
|
* GREEN = WILL GET DONE BY EOM
|
|
|
* YELLOW = MOST OF IT DONE BUT NOT FINISHED BY EOM
|
|
|
* RED = EITHER DECIDED TO DROP IT OR JUST STARTED THE TASK OR IS MOVING TO THE NEXT MONTH
|
|
|
|
|
|
|
|
|
|
|
|
## Previous Roadmaps
|
|
|
* [2016 Winter Dev Meeting Tor Browser Roadmap](https://trac.torproject.org/projects/tor/wiki/org/roadmaps/TorBrowser/2016WinterTorBrowserRoadmap)
|
|
|
* [2015 Summer Dev Meeting Tor Browser Roadmap](https://trac.torproject.org/projects/tor/wiki/org/roadmaps/TorBrowser/2015SummerTorBrowserRoadmap)
|
|
|
* [2015 Winter Dev Meeting Tor Browser Roadmap](https://trac.torproject.org/projects/tor/wiki/org/roadmaps/TorBrowser/2015WinterTorBrowserRoadmap)
|
|
|
|
|
|
## Current Roadmap for Tor Browser
|
|
|
### Deliverables from proposals submitted
|
|
|
#### Proposal 1
|
|
|
Timeline: 12 months
|
|
|
|
|
|
The roadmap below was done at the Seattle Tor Meeting for a contract that starts Dec 2016 and ends on Nov 2017. It got amended during the Amsterdam Tor Meeting in March 2017.
|
|
|
|
|
|
### Roadmap Dec 2016 - Nov 2017
|
|
|
#### December
|
|
|
* **Objective 3.3:** Improve Browser Sandboxing
|
|
|
* **Activity:** Explore sandboxing options and adopt Mozilla’s sandbox when ready.
|
|
|
|
|
|
* **Objective 3.4:** Eliminate emergent privacy holes in the browser foundation
|
|
|
* **Activity 1:** Review and alter or disable new browser features based on security and privacy risk
|
|
|
|
|
|
* **Objective 3.7:** Increase response capacity for new defenses and capabilities
|
|
|
* **Activity 1:** Update our build system to handle subsequent Firefox ESR releases.
|
|
|
* **Activity 3:** Optimize build processes (switch to rbm)
|
|
|
|
|
|
#### January:
|
|
|
**IMPORTANT DATE:** 2017-01-24 where we probably want to get 6.5 out
|
|
|
|
|
|
* **Objective 3.6:** Patch cleanup & merge with Firefox
|
|
|
* **Activity 1:** Review the new features and changes in each Firefox ESR release for privacy and Tor safety.
|
|
|
|
|
|
#### February:
|
|
|
* **Objective 3.2:** Reduce exposure to unknown future vulnerabilities
|
|
|
* **Activity 1:** Continue to explore hardening compilers and hardening options.
|
|
|
|
|
|
* **Objective 3.1:** Further defend against profiling through browser fingerprinting attacks
|
|
|
* **Activity 2:** Integrate a custom Panopticlick Instance.
|
|
|
|
|
|
#### March:
|
|
|
**IMPORTANT DATE:** 2017-03-07 where Fx 52 gets out
|
|
|
|
|
|
#### April:
|
|
|
* **Objective 3.1:** Further defend against profiling through browser fingerprinting attacks
|
|
|
* **Activity 1:** Continue to improve third party tracking and fingerprinting defenses.
|
|
|
|
|
|
#### May:
|
|
|
**IMPORTANT DATE:** 2017-05-15 we should aim to be ready for Firefox 52.2
|
|
|
|
|
|
* **Objective 3.2:** Reduce exposure to unknown future vulnerabilities
|
|
|
* **Activity 2:** Test impact and viability of hardening options.
|
|
|
|
|
|
#### June:
|
|
|
**IMPORTANT DATE:** 2017-06-13 where Firefox 52.2 is getting out
|
|
|
|
|
|
* **Objective 3.4:** Eliminate emergent privacy holes in the browser foundation
|
|
|
* **Activity 2:** Rigorously memory safety test (eg: fuzzing) using Address Sanitizer builds.
|
|
|
|
|
|
#### July:
|
|
|
* **Objective 2.1:** Improve usability of “Tor Launcher” censorship configuration wizard
|
|
|
* **Activity:** Improve usability of Tor Browser initial configuration (“Launcher”) UI.
|
|
|
|
|
|
#### August:
|
|
|
* **Objective 2.2:** Improve accessibility of censorship-circumvention “Bridges”
|
|
|
* **Activity:** Implement Automatic Bridge discovery for censored users.
|
|
|
|
|
|
* **Objective 3.7:** Increase response capacity for new defenses and capabilities
|
|
|
* **Activity 2:** Improve build automation and tooling to enable more builds (specifically 64 bit Windows).
|
|
|
|
|
|
#### September:
|
|
|
* **Objective 3.6:** Patch cleanup & merge with Firefox
|
|
|
* **Activity 2:** Update and merge as many of our current patches with Mozilla as possible.
|
|
|
|
|
|
#### October:
|
|
|
* **Objective 3.5:** Enhance Tor Browser’s “Security Slider” security configuration wizard.
|
|
|
|
|
|
* **Objective 3.2:** Reduce exposure to unknown future vulnerabilities
|
|
|
* **Activity 3:** Test Undefined Behavior Sanitizer (UBSan) support.
|
|
|
|
|
|
### Additional Bugs to Consider
|
|
|
#17400 (could be part of obj 3.7!?), #9675, #21542 |
|
|
\ No newline at end of file |