SecurityEngineering/MeetingNotes/11-08-12

From MozillaWiki
Jump to: navigation, search

Standing Agenda

  • Q4 Goals Recap -
  • Review currently active (P1) features against their established milestones, identify any blockers - Security/Roadmap + Privacy/Roadmap
  • Review roadmap priorities to ensure they accurately reflect active projects and Mozilla's priorities
  • Suggest additions or changes to roadmaps
  • Detailed discussion of features or outstanding issues as time permits
  • Additional Items
  • Upcoming events, OOO/travel, etc.

Last week: https://wiki.mozilla.org/SecurityEngineering/MeetingNotes/10-25-12

Q4 Goals

  • Land CSP 1.0
  • Deliver integrated Payments and ID for B2G
  • Host security community event (public brownbag on 11/13)

Click-to-Play

Two outstanding issues. Some CTP in FF17 release plan changes.

  • bug 800018
    • binding attaching bugs. Affects a few sites. Hope to fix for FF18
  • bug 810082

Indiana Recap

At Rose-Hulman Institute of Technology

  • Let Sid know about 10 or 30 week project ideas.
    • These are for juniors and seniors in software engineering -- like to work with real companies.

Brown Bag anticipation

Mixed Content Progress Update

  • Bug 803255 - waiting for review
  • Bug 802905 - r+ but try failures, so I must have missed some place where we are counting on TYPE_OTHER for csp reports.

Moar TPAC

  • ddahl demos a "bridge" api for in-browser encryption and decryption
  • lots of CSP 1.0 open issues were hammered out
    • 1.1 experimental features were added
    • and the webappsec WG wants to find other projects within the charter