Security/Meetings/SecurityAssurance/2012-10-02

From MozillaWiki
Jump to: navigation, search


« previous week | index | next week »
  • Time: (Weekly) Tuesday at 13:30 PM PDT / 16:30 PM EDT / 21:30 PM UTC.
  • Place: Mozilla HQ, 3A-All Your Base (3rd Floor)
  • Phone (US/Intl): 650 903 0800 x92 Conf: 95316#
  • Phone (Toronto): 416 848 3114 x92 Conf: 95316#
  • Phone (US): 800 707 2533 (pin 369) Conf: 95316#

Agenda

Security Review Status (curtisk)

https://bugzil.la/component%3A%22Security%20Assurance%3A%20Review%20Request%22%20-sw%3A%22%5Bneeds%20info%5D%22%20-sw%3A%22%5Bscore%3A%22

  • Number of reviews without deadline set: 97
    • Yours

https://bugzilla.mozilla.org/buglist.cgi?field0-0-0=cf_due_date;query_format=advanced;resolution=---;type0-0-0=isempty;component=Security%20Assurance%3A%20Review%20Request;product=mozilla.org;field1-0-0=assigned_to;type1-0-0=equals;value1-0-0=%25user%25

    • Overall

https://bugzilla.mozilla.org/buglist.cgi?field0-0-0=cf_due_date;query_format=advanced;resolution=---;type0-0-0=isempty;component=Security%20Assurance%3A%20Review%20Request;product=mozilla.org

Operations Security Update (Joe Stevensen)

Release Engineering security review update

Project Updates

Please don't leave blank. Add "No Update" if nothing has changed

Silent updates (rforbes / dveditz)

B2G (Paul Theriault, David Chan)

  • things keep breaking for testing
  • got a spare (mozilla) Nexus S in MV/SF if anyone needs to test before getting the dog fooding device (hint: its faster than the dog fooding device :P) (contact :kang)

Thunderbird (Adam Muntner)

Rust (Jesse Ruderman)

Mobile (Mark Goodwin)

  • Been working on Safe Browsing, reading private browsing code in prep. for upcoming review

Sync (Simon Bennetts & Adam Muntner)

Services (Simon Bennetts & Adam Muntner)

Social - Pancake (Mark Goodwin)

  • No update

Jetpack, Add-on SDK, Add-on Builder (Dan Veditz)

JS (Christian Holler)

  • [decoder] Extended LangFuzz to two ESX VMs as per Q3 goal

DOM, XPConnect (Jesse Ruderman)

  • DOM fuzzer: Now testing keystrokes
  • DOM fuzzer: Now testing under ASan continuously, on one machine

Layout, Style (Jesse Ruderman)

Automation Tools (Gary Kwong)

  • No update

Web Developer Tools (Mark Goodwin)

  • Devtools work week last week
    • I mostly hacked on things - helped with some GCLI commands etc
    • Also learned loads about all sorts of things from the devs there
    • Most interesting new stuff - remote everything (chrome debugging, web console), JS profiler

Networking (Christoph Diehl)

  • WebRTC
    • SDP fuzzer now supports RFC 4566 and 5245

Graphics (Christoph Diehl) =

  • No update

Networking ( Media / Codecs)

Market (Raymond Forbes)

Firefox APIs (Raymond Forbes)

Payment Flow (Raymond Forbes)

Dynamic API Security Model (Raymond Forbes)

WebRT (Raymond Forbes)

BrowserID

Identity Services (David Chan)

Addons.M.O (Raymond Forbes)

Bugzilla.M.O (Mark Goodwin & Eric Parker)

  • No update

Mozillians (Raymond Forbes)

MDN (Raymond Forbes)

SUMO (Kitsune) ()

AddressSanitizer (Christian Holler)

  • [decoder] We now have automated try pushes with tests running. Results are automatically scanned for ASan failures and mailed.