« previous week | index | next week »

• Time: (Weekly) Tuesday at 13:30 PM PDT / 16:30 PM EDT / 21:30 PM UTC.
• Place: Mozilla HQ, 3A-All Your Base (3rd Floor)
• Phone (US/Intl): 650 903 0800 x92 Conf: 95316#
• Phone (Toronto): 416 848 3114 x92 Conf: 95316#
• Phone (US): 800 707 2533 (pin 369) Conf: 95316#

Contents 1 Agenda 2 Security Review Status (koenig) 3 Operations Security Update (Joe Stevensen) 4 Project Updates 4.1 Silent updates (rforbes / dveditz) 4.2 B2G (Paul Theriault, David Chan) 4.3 Thunderbird (Adam Muntner) 4.4 Rust (Jesse Ruderman) 4.5 Mobile (Mark Goodwin) 4.6 Sync (Simon Bennetts & Adam Muntner) 4.7 Services (Simon Bennetts & Adam Muntner) 4.8 Social - Pancake (Mark Goodwin) 4.9 Jetpack, Add-on SDK, Add-on Builder (Dan Veditz) 4.10 JS (Christian Holler) 4.11 DOM, XPConnect (Jesse Ruderman) 4.12 Layout, Style (Jesse Ruderman) 4.13 Automation Tools (Gary Kwong) 4.14 Web Developer Tools (Mark Goodwin) 4.15 Networking (Christoph Diehl) 4.16 Graphics (Christoph Diehl) = 4.17 Networking ( Media / Codecs) 4.18 Market (Raymond Forbes) 4.19 Firefox APIs (Raymond Forbes) 4.20 Payment Flow (Raymond Forbes) 4.21 App Sync (David Chan) 4.22 Dynamic API Security Model (Raymond Forbes) 4.23 WebRT (Raymond Forbes) 4.24 BrowserID 4.25 Identity Services (David Chan) 4.26 Addons.M.O (Raymond Forbes) 4.27 Bugzilla.M.O (Mark Goodwin & Eric Parker) 4.28 Mozillians (Raymond Forbes) 4.29 MDN (Raymond Forbes) 4.30 SUMO (Kitsune) ()

Agenda

• Intros
• Q2 Goals Recap
  • Nice work
  • https://mana.mozilla.org/wiki/display/INFRASEC/2012+-+Q2+Goals
  • https://intranet.mozilla.org/index.php?title=2012Q2Goals#Security_Assurance
• Q3 Goals
  • https://intranet.mozilla.org/2012Q3Goals#Security_Assurance
• Horizons
• Goals - Please keep status up to date - https://mana.mozilla.org/wiki/display/INFRASEC/2012+-+Q2+Goals
• https://wiki.mozilla.org/Security/RiskRatings#Business_Risk_Ranking
• [decoder] On PTO, not in the meeting today
• [decoder] AddressSanitizer autobuilds for mozilla-central broken (bug 772046), some problem caused by WebRTC code. Trying to workaround with --disable-webrtc right now.
• [pauljt] b2g progress, landing thick and fast at the moment. May need help over the next month, going to confirm deadlines for sec reviews at today's b2g meeting
• [gkw] brownbag tomorrow at 1pm PT in Ten Forward, "Challenges to Mozilla adoption in China"
  • Plugins!

Pauljt PTO from 31st July for the two weeks prior to our work week.

Security Review Status (koenig)

• Completed in Q2 2012: 44
• Number of Reviews Completed (so far this quarter): 1 (0)

https://bugzilla.mozilla.org/buglist.cgi?list_id=3665655;resolution=FIXED;chfieldto=Now;query_format=advanced;chfield=resolution;chfieldfrom=2012-06-30;type0-0-0=anywords;component=Security%20Assurance%3A%20Review%20Request;product=mozilla.org

• Number of Outstanding Reviews: 153 (144)

https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced;bug_status=UNCONFIRMED;bug_status=NEW;bug_status=ASSIGNED;bug_statuse=REOPENED;component=Security%20Assurance%3A%20Review%20Request;product=mozilla.org;list_id=3665622

Operations Security Update (Joe Stevensen)

• No update. Defining Q3 tactical goals this week.

Project Updates

Please don't leave blank. Add "No Update" if nothing has changed

Silent updates (rforbes / dveditz)

B2G (Paul Theriault, David Chan)

• vendor demo due 19th, lots of ptessure to land, especially appcache/jar &gfx.
• M4 target 20/7, lots landing at the moment
• Read the gaia summary! :) https://docs.google.com/document/d/1Q6VZAN4GI_3zUe1oILrsAlTR6ODUnF2xjpHq5LrNAdk/edit
• If you want to help, reviewing gaia apps would be a good place to start. These are relatively self-contained client side html apps. If you want to take one for review, please just let me know, or take the appropriate secreview bug (should be one for each app)

Thunderbird (Adam Muntner)

Rust (Jesse Ruderman)

Mobile (Mark Goodwin)

• No update (no engineering meeting last week)

Sync (Simon Bennetts & Adam Muntner)

Services (Simon Bennetts & Adam Muntner)

Social - Pancake (Mark Goodwin)

• The team is working on the last few pieces before we're ready for public release (mostly comms, etc). Currently queued for App Store review.

Jetpack, Add-on SDK, Add-on Builder (Dan Veditz)

JS (Christian Holler)

• [gkw, decoder] Provided fuzzing support for bug 771039 on request.

DOM, XPConnect (Jesse Ruderman)

Layout, Style (Jesse Ruderman)

Automation Tools (Gary Kwong)

• No update

Web Developer Tools (Mark Goodwin)

• No update

Networking (Christoph Diehl)

• Diving into Peach 3 - initial beta will be released at upcoming BlackHat
• Working on adding VoiceMail support to SMS fuzzer https://bugzilla.mozilla.org/show_bug.cgi?id=736710

Graphics (Christoph Diehl) =

• No update

Networking ( Media / Codecs)

Market (Raymond Forbes)

Firefox APIs (Raymond Forbes)

Payment Flow (Raymond Forbes)

App Sync (David Chan)

Dynamic API Security Model (Raymond Forbes)

WebRT (Raymond Forbes)

BrowserID

Identity Services (David Chan)

Addons.M.O (Raymond Forbes)

Bugzilla.M.O (Mark Goodwin & Eric Parker)

• No update

Mozillians (Raymond Forbes)

MDN (Raymond Forbes)

SUMO (Kitsune) ()