Security/Meetings/2011-11-09
Community steward
- (q4 goal)
- Who wants to be a steward?
- https://wiki.mozilla.org/Stewards
- [curtisk] I have been talking to them about this already
- act as contact for now, will identify right people for the correct activities as needed
- Presentation about Stewards
MozCamp Asia
- Fuzz-testing in Mozilla (Gary)
- It's on the interim schedule
- Draft is out - please keep the feedback coming
MozCamp EU
- New Security Features in Firefox (curtisk)
- Slides out for review to team
Travel recap
- Lucas and Dan went to Bluehat
- Curtis talked at SkyDogCon (video)
Stats project
- please review bug list for ones that should be removed
- remove from chemspill data (found by Lucas)
- 594699
- 590978
- 440230
- 441120
- 334515
SecReviews
- use of Vidyo for review meetings
- I thought they were supposed to be public? < can still dial in
- please make sure to publish the phone # still for people who can't do Vidyo
- we can also make a Vidyo room with URL for public connection (I think)
- changes to assigned tasks
- completion timeframe/date
B2G/Apps Update
- B2G has a roadmap with 3 major milestones: https://wiki.mozilla.org/B2G/Roadmap
- bsterne to go back and look at Android threat model development and sec research history
- Fuzz-testing the APIs should be on the radar in the future
- App Store developer preview planned for 11/22:
https://docs.google.com/document/d/1Fn0rO8sjmbn3dQh_F53nd-WYgpRYgaaCfjnNXBK7hx8/edit
- there is a live environment there now, we should coordinate with InfraSec on testing it [bsterne]
Address Sanitizer
- Now tracked in https://bugzilla.mozilla.org/show_bug.cgi?id=699520
- gkw confirmed the compile failure using modified Clang from Address Sanitizer
- Described workarounds for compiler failures but ran into different problems
- Have cc'ed the relevant devs, but largely blocked till this gets worked on
Silent Updates
- status
- concerns about bake time
Ownership of joint infrasec/prodsec projects
- DRI
Embedding
Privacy Round-up
No reason to talk about this stuff, just items here for reference.
- sec/privacy browserid.org brownbag today @ noon
- Privacy review: Privacy/Reviews/BrowserID.org
- feedback welcome (email sid)
- discussing enabling Telemetry by default on Nightly/Aurora bug 699806
- Blogged about not enabling DNT by default: http://blog.mozilla.com/privacy/2011/11/09/dnt-cannot-be-default/
Recently completed SecReviews
What does Adobe dropping Mobile Flash mean for us?
- Speculation
- More speculation