Standing Agenda

• Q4 Goals Recap -
• Review currently active (P1) features against their established milestones, identify any blockers - Security/Roadmap + Privacy/Roadmap
• Review roadmap priorities to ensure they accurately reflect active projects and Mozilla's priorities
• Suggest additions or changes to roadmaps
• Detailed discussion of features or outstanding issues as time permits
• Additional Items
• Upcoming events, OOO/travel, etc.

Last week: https://wiki.mozilla.org/SecurityEngineering/MeetingNotes/10-25-12

Q4 Goals

• Land CSP 1.0
• Deliver integrated Payments and ID for B2G
• Host security community event (public brownbag on 11/13)

Click-to-Play

Two outstanding issues. Some CTP in FF17 release plan changes.

• bug 800018
  • binding attaching bugs. Affects a few sites. Hope to fix for FF18
• bug 810082
  • invisible or hidden plugins make some sites break and the UI to activate plugins may not be discoverable.
  • (keeler - https://bugzilla.mozilla.org/show_bug.cgi?id=782654 - See comments 29, 30, and 31)

Indiana Recap

At Rose-Hulman Institute of Technology

• Let Sid know about 10 or 30 week project ideas.
  • These are for juniors and seniors in software engineering -- like to work with real companies.

Brown Bag anticipation

• Slides (https://docs.google.com/a/mozilla.com/presentation/d/1TXRICpAqw8ZbE2lD35t11GHc0uev0a5lyKOlBGm_kiM/edit#slide=id.g32d49009_2_35) - missing Tanvi, Monica, David Dahl, Lucas (if he has anything), and Sid's slides. Camilo needs to fix formatting. Add pictures if you can.
  • Put your contact info on your slide
• Timing and order can be found here: https://etherpad.mozilla.org/l33tbrownbag
• Punch & Pie - 5 Apple, 5 Pumpkin, 2 Gallons of Punch, 2 cans of whipped cream.
• Run through Monday 3:00-4:30pm
• Can non-mozillians come? Yes if they are signed in.
• Reminder email on Monday. Lightning talk on Monday.
• tweet!!!
  • https://air.mozilla.org/new-security-and-privacy-features-in-firefox/
• Outing afterwards. 1:00-4:00 blocked off. Mini golf or Lunch.

Mixed Content Progress Update

• Bug 803255 - waiting for review
• Bug 802905 - r+ but try failures, so I must have missed some place where we are counting on TYPE_OTHER for csp reports.

Moar TPAC

• ddahl demos a "bridge" api for in-browser encryption and decryption
• lots of CSP 1.0 open issues were hammered out
  • 1.1 experimental features were added
  • and the webappsec WG wants to find other projects within the charter