Security/Meetings/2011-12-28

From MozillaWiki

Stuff (lucas)

  • review goals, finalize in Jan
  • changes to team embedding, discussion in Jan when everyone is back from PTO

Rapid Impact Team (lucas)

  • jpr proposed a rapid impact team idea: "like crashkill and critsmash but with a fuse"
    • defined goals in a defined time, ad-hoc team; fix issue and disband
      • blackhole infection, search hijacking are first 2 proposed items (need people from secteam, will figure out at next team meeting)

Transition Stuff

  • bsterne is leaving MoCo at the end of December 2011 :(
    • ಠ_ಠ
    • bsterne's tools --> github, dveditz
    • bsterne's team embedding assignments (WebAPI, Open Web Apps) --> dchan
    • bsterne to continue to work on CSP spec as an invited expert, along with CSP patches and reviews

Reddit IAmA (jesse)

Sync+BrowserID heads up (sid)

  • teams looking at using BrowserID to authenticate to sync
  • ... and making the setup-new-device flow just BrowserID authentication (rather than password + high-entropy piece for new devices)
    • there was an alternative proposal a week or so ago to have BrowserID service providers store the sync key
  • may involve product v. privacy/security trade-offs
    • trying to design best solution for a balance

Survey from project management (jesse)

Security review questionnaire

  • need to make decisions on this course
  • if we decide to do it, we need IT resources