Security/B2G/2013 11 26
FirefoxOS Security Team Meeting
1pm PST, B2G Vidyo room
Prior notes are here: https://wiki.mozilla.org/Security/B2G/2013_11_19
Agenda Items
Agile all the things! http://scrumbu.gs/p/firefox-os-security-reviews/
- entrance criteria filter actionable reviews
- gives better estimate of workload we can take per sprint
- points to estimate the size of a review (size = difficulty, not hours)
- small gaia review (1 day): 1 pt
- basic gecko api review: 3 pts
- [cr] OpenPGP.js integration meeting now every other week (Mo, 18h CET), notes here: https://etherpad.mozilla.org/openpgpjs (woot!)
- [cr] Sec Review Training concept emerging: https://etherpad.mozilla.org/SecReviewTraining
- [cr] Sebastian Regler wanting to do FxOS FDE work for BA (kang started communicating with him on cr's req as well)
- [arroway] Firefox OS Account: I talked to Jed Parsons (jedp), the core features implementation won't change a lot when it has landed on mozilla-central on Dec 9th (most of the remaining work will be testing and UX)
- ready to be reviewed
- gecko patches: https://bugzilla.mozilla.org/show_bug.cgi?id=936688
- gaia: https://github.com/borjasalguero/gaia/tree/fxa_proposal_complete
[kang] secreview stuff for pauljt (feedback always welcome):
https://mana.mozilla.org/wiki/display/SECURITY/Project+Risk+Review (draft/in progress)
https://mana.mozilla.org/wiki/display/SECURITY/DuoSecurity+2FA+Review#DuoSecurity2FAReview-RiskAssessment (earlier version sample)
Sandbox targeted for 1.4 (?) w/ kernel support from partners
marta: wants a work week for working on various things (incl. supervisor)
marta: req a deadline for supervisor
- FxOSSec standups channel, rogerroger: i did stuff
Web Interface: http://standu.ps/project/fxossec
Previous Action Items
New Action Items
- post in standups
Goal Status Updates
Other stuff
Security guidelines for partners: https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0Ap-jgPe0UrMhdG5SMFJIckJBNnJfNlJHWUtLZFBMN3c#gid=0
Feel free to send suggestions