Security/Meetings/SecurityAssurance/2012-05-01

From MozillaWiki
Jump to: navigation, search


« previous week | index | next week »
  • Time: (Weekly) Tuesday at 13:30 PM PDT / 16:30 PM EDT / 21:30 PM UTC.
  • Place: Mozilla HQ, 3A-All Your Base (3rd Floor)
  • Phone (US/Intl): 650 903 0800 x92 Conf: 95316#
  • Phone (Toronto): 416 848 3114 x92 Conf: 95316#
  • Phone (US): 800 707 2533 (pin 369) Conf: 95316#

Agenda

Security Review Status (koenig)

Project Updates

Please don't leave blank. Add "No Update" if nothing has changed

Silent updates (rforbes / dveditz)

B2G (Paul Theriault)

  • Browser API is a bit more defined now (iframe mozbrowser) https://wiki.mozilla.org/WebAPI/BrowserAPI
  • B2G workweek in san diego next week
    • Define security review process/get team onboard
    • Review draft Web App Permission Process
  • Security reviews started moving slowly, but most features are not completed
    • Documenting threats in the meantime

Thunderbird (Dan Veditz)

Rust (Jesse Ruderman)

Mobile (David Chan)

  • no update

Sync (David Chan & Yvan Boily)

  • still working on sync 2.0

Services (David Chan & Yvan Boily)

  • notifications review being scheduled

Social - Pancake (Mark Goodwin)

Much frantic bug fixing going on in prep for public release. Some security stuff outstanding, but they won't be progressing without resolving.

Jetpack, Add-on SDK, Add-on Builder (Dan Veditz)

JS (Christian Holler)

  • [gkw] More ESR fuzzing
  • [gkw] Pushed along some Valgrind issues on TBPL

DOM, XPConnect (Jesse Ruderman)

Layout, Style (Jesse Ruderman)

Automation Tools (Gary Kwong)

  • Great feedback again for us getting ateam secreviews back on track
    • Embedding is effective

Web Developer Tools (Mark Goodwin)

I'm having fun on a first bug :D - little else to report.

Networking (Christoph Diehl)

  • Going to port Server-Sent DOM Events to Peach
  • Still working on SPDY v3

Graphics (Christoph Diehl) =

  • Going to re-test some older items with ASAN builds (graphite, icon, bitmap)
  • Filed more Opus bugs

Market (Raymond Forbes)

Launching soon?

Firefox APIs (Raymond Forbes)

Payment Flow (Raymond Forbes)

Apps in the Cloud (David Chan)

  • client needs review

Dynamic API Security Model (Raymond Forbes)

WebRT (Raymond Forbes)

BrowserID

- 3rd party review to be pushed

Identity Services (David Chan)

  • working on sign into browser

Addons.M.O (Raymond Forbes)

Bugzilla.M.O (Mark Goodwin & Eric Parker)

TellUsMore review is happening late this / early next week.

Mozillians (Raymond Forbes)

MDN (Raymond Forbes)

SUMO (Kitsune) ()