Security/Meetings/SecurityAssurance/2012-05-29

From MozillaWiki
Jump to: navigation, search


« previous week | index | next week »
  • Time: (Weekly) Tuesday at 13:30 PM PDT / 16:30 PM EDT / 21:30 PM UTC.
  • Place: Mozilla HQ, 3A-All Your Base (3rd Floor)
  • Phone (US/Intl): 650 903 0800 x92 Conf: 95316#
  • Phone (Toronto): 416 848 3114 x92 Conf: 95316#
  • Phone (US): 800 707 2533 (pin 369) Conf: 95316#

Agenda

Meeting Notes

Security Review Status (koenig)

Project Updates

Please don't leave blank. Add "No Update" if nothing has changed

Silent updates (rforbes / dveditz)

  • "background updates" now on Firefox Nightly

B2G (Paul Theriault, David Chan)

This weeks reviews: - web activities - browser API - settings API Permissions Model work slowly making progress. - B2G team says multiprocess not ready for M3.

Thunderbird (Adam Muntner)

Rust (Jesse Ruderman)

Mobile (Mark Goodwin)

Getting to grips - i've got lots to learn here so I'll be taking some time for R&D

Sync (Simon Bennetts & Adam Muntner)

Services (Simon Bennetts & Adam Muntner)

  • tokenserver review slipped and in progress
  • mentioned that Simon is coming on board to help

Social - Pancake (Mark Goodwin)

The team are sorting out the last few bugs; looks in OK shape.

Jetpack, Add-on SDK, Add-on Builder (Dan Veditz)

JS (Christian Holler)

  • IonMonkey differential testing revealed already several correctness issues
  • [decoder & gkw] IonMonkey crash testing continues to find crash bugs on all platforms regularly

DOM, XPConnect (Jesse Ruderman)

Layout, Style (Jesse Ruderman)

Automation Tools (Gary Kwong)

  • [decoder] Working on automation for push-to-try builds (e.g. for ASan)

Web Developer Tools (Mark Goodwin)

No update (other than a secreview took place last week on the debugger).

Networking (Christoph Diehl)

  • Updated SMS fuzzer pushed to repository
    • supports mutation of PDUs including UDH/IEIs and UD in 7/8/16 bit encoding
    • waiting for more support of IEIs in B2G e.g. for MMS
  • In talks with the media team
    • gathering information and building a fuzz plan for all the protocols. (Not yet finished)
    • it should be doable to fuzz the important protos like STUN, TURN, SDP till the end of next month.

Graphics (Christoph Diehl) =

  • Voice codecs
    • will setup a fuzzing processs for Speex this afternoon; not yet activated in Firefox but the package provides a stand-alone executable and the processs should go smoothly.
    • other voice codecs would be G.711 and iLBC whereby iLBC is not yet integrated.

Networking ( Media / Codecs)

Market (Raymond Forbes)

Firefox APIs (Raymond Forbes)

Payment Flow (Raymond Forbes)

App Sync (David Chan)

  • no update, still working on mozApps navigator and client review

Dynamic API Security Model (Raymond Forbes)

WebRT (Raymond Forbes)

BrowserID

RFP will be awarded this week.

Identity Services (David Chan)

Addons.M.O (Raymond Forbes)

Bugzilla.M.O (Mark Goodwin & Eric Parker)

No update.

Mozillians (Raymond Forbes)

MDN (Raymond Forbes)

SUMO (Kitsune) ()