Security/Meetings/SecurityAssurance/2012-05-15
- Time: (Weekly) Tuesday at 13:30 PDT / 16:30 EDT / 21:30 UTC.
- Place: Mozilla HQ, 3A-All Your Base (3rd Floor)
- Phone (US/Intl): 650 903 0800 x92 Conf: 95316#
- Phone (Toronto): 416 848 3114 x92 Conf: 95316#
- Phone (US): 800 707 2533 (pin 369) Conf: 95316#
Agenda
- Whiteboard tags for prioritization
- https://wiki.mozilla.org/Security_Severity_Ratings (Whiteboard Tags)
- New Hire Filing Security Bugs - https://mana.mozilla.org/wiki/display/INFRASEC/Filing+Security+Bug
- change to keywords only - starting Friday ^^ same link
- Goals - Please keep status up to date - https://mana.mozilla.org/wiki/display/INFRASEC/2012+-+Q2+Goals
- BaseCamp - https://intranet.mozilla.org/Products/Basecamp
- [time permitting] Security game concept
- Bug Bounty Hall of Fame
- Block Listing
Meeting Notes
Security Review Status (curtisk)
- Number of Reviews Completed (so far this quarter): 59 (last week 40)
- https://bugzilla.mozilla.org/buglist.cgi?keywords=sec-review-complete%2C%20;keywords_type=allwords;list_id=2876446;field0-0-0=keywords;type0-0-0=changedafter;value0-0-0=2012.03.31;query_format=advanced = 27
- https://bugzilla.mozilla.org/buglist.cgi?list_id=2999910;resolution=FIXED;chfieldto=Now;chfield=resolution;query_format=advanced;chfieldfrom=2012-03-31;type0-0-0=anywords;component=Security%20Assurance%3A%20Review%20Request;product=mozilla.org = 32
- Number of Outstanding Reviews: 171 (last week 172)
- https://bugzilla.mozilla.org/buglist.cgi?keywords=sec-review-needed%2C%20;query_format=advanced;keywords_type=allwords;list_id=2876531;field0-0-0=product;type0-0-0=notequals;value0-0-0=mozilla.org;resolution=---;resolution=DUPLICATE = 51
- https://bugzilla.mozilla.org/buglist.cgi?list_id=2999921;query_format=advanced;bug_status=UNCONFIRMED;bug_status=NEW;bug_status=ASSIGNED;bug_status=REOPENED;component=Security%20Assurance%3A%20Review%20Request;product=mozilla.org = 120
Project Updates
Please don't leave blank. Add "No Update" if nothing has changed.
Silent updates (rforbes / dveditz)
B2G (Paul Theriault)
Work week was a great success.
- Security Model: https://wiki.mozilla.org/Apps/Security
- What types can get what permissions: https://wiki.mozilla.org/Apps/Security/Permissions
- Security Reviews: https://wiki.mozilla.org/Security/B2G#B2G_Security_Review_Work
Other notes:
- Trusted apps are proposed to be delivered in a signed app-cache mechanism (lucas investigating)
- Desire to relax same domain for trusted apps (similar to the way a native app can embed a "webview")
- Priorities, and other useful information: https://docs.google.com/spreadsheet/ccc?key=0AiBigu584YY7dGlNSlY0QzhJb3M5anRBa1gxalV0Y3c#gid=0
Thunderbird (Adam Muntner)
- IM-in-Tb to ship preff'ed on for Tb15
Rust (Jesse Ruderman)
Mobile (David Chan)
Sync (David Chan & Yvan Boily)
Services (David Chan & Yvan Boily)
Social - Pancake (Mark Goodwin)
Frantically fixing bugs - main concern for me is the CEF stuff - this will be fixed for general release
Jetpack, Add-on SDK, Add-on Builder (Dan Veditz)
JS (Christian Holler)
- [decoder] IonMonkey:
  - Lands in 1 month on mozilla-central, working with gkw on intensive testing:
    - [Jesse & gkw] fixing up --random-flags support, reviewing underway
    - Regular fuzzing (now additionally with ion disabled to cover this case), still finding lots of bugs
    - Soon differential testing (correctness fuzzing)
    - Testing with Address Sanitizer
  - Chunked Compilation won't be implemented into IonMonkey before landing, to reduce the regression potential and to focus more on existing bugs.
- [decoder] ParallelArray:
  - Sequential implementation of Intel ParallelArray spec: https://bugzilla.mozilla.org/show_bug.cgi?id=711304
  - Currently only on IonMonkey branch, unclear when it will land/be exposed to content => needs fuzz testing.
- [gkw & Jesse] refactoring of downloadBuild and bot.py done and landed!
  - Likely to have regressions, waiting on some stuff in releng and for Jesse's KVM to arrive
DOM, XPConnect (Jesse Ruderman)
Layout, Style (Jesse Ruderman)
Automation Tools (Gary Kwong)
- [decoder] ADBFuzz now deployed on 5 Tegras, running domfuzz and jsfunfuzz.
- Tracking fennec-native bugs here: https://bugzilla.mozilla.org/show_bug.cgi?id=754838
Web Developer Tools (Mark Goodwin)
Devtools *rock*. Started detailed review of monitor and debugger. Found some issues with the protocol implementation (used by both debugger and HTTPMonitor); jimb is fixing these. Found a limitation of remote debugging - don't think it's security related though. Reviews for HTTPMonitor (21st?) and Debugger (the rest - don't know when - robcee to arrange) soon - check calendar.
Networking (Christoph Diehl)
- No update - busy with B2G SMS/RIL
Graphics (Christoph Diehl)
- No update
Networking (Media / Codecs)
Market (Raymond Forbes)
Friends and family launch happened. Please buy apps.
Firefox APIs (Raymond Forbes)
Payment Flow (Raymond Forbes)
No update
App Sync (David Chan)
Dynamic API Security Model (Raymond Forbes)
Setting up a meeting to discuss one app per origin or multiple domains per app.
WebRT (Raymond Forbes)
No update
BrowserID
- RFP is out, due back May 21st
- Working through additional security review for new features (Browsing Context Provider support)
Identity Services (David Chan)
Addons.M.O (Raymond Forbes)
No update
Bugzilla.M.O (Mark Goodwin & Eric Parker)
TellUsMore in progress (delayed due to some Infra issues)
Mozillians (Yvan Boily)
- No update
MDN (Raymond Forbes)
No Update