SecurityEngineering/MeetingNotes/11-08-12
From MozillaWiki
Contents
Standing Agenda
- Q4 Goals Recap -
- Review currently active (P1) features against their established milestones, identify any blockers - Security/Roadmap + Privacy/Roadmap
- Review roadmap priorities to ensure they accurately reflect active projects and Mozilla's priorities
- Suggest additions or changes to roadmaps
- Detailed discussion of features or outstanding issues as time permits
- Additional Items
- Upcoming events, OOO/travel, etc.
Last week: https://wiki.mozilla.org/SecurityEngineering/MeetingNotes/10-25-12
Q4 Goals
- Land CSP 1.0
- Deliver integrated Payments and ID for B2G
- Host security community event (public brownbag on 11/13)
Click-to-Play
Two outstanding issues. Some CTP in FF17 release plan changes.
- bug 800018
- binding attaching bugs. Affects a few sites. Hope to fix for FF18
- bug 810082
- invisible or hidden plugins make some sites break and the UI to activate plugins may not be discoverable.
- (keeler - https://bugzilla.mozilla.org/show_bug.cgi?id=782654 - See comments 29, 30, and 31)
Indiana Recap
At Rose-Hulman Institute of Technology
- Let Sid know about 10 or 30 week project ideas.
- These are for juniors and seniors in software engineering -- like to work with real companies.
Brown Bag anticipation
- Slides (https://docs.google.com/a/mozilla.com/presentation/d/1TXRICpAqw8ZbE2lD35t11GHc0uev0a5lyKOlBGm_kiM/edit#slide=id.g32d49009_2_35) - missing Tanvi, Monica, David Dahl, Lucas (if he has anything), and Sid's slides. Camilo needs to fix formatting. Add pictures if you can.
- Put your contact info on your slide
- Timing and order can be found here: https://etherpad.mozilla.org/l33tbrownbag
- Punch & Pie - 5 Apple, 5 Pumpkin, 2 Gallons of Punch, 2 cans of whipped cream.
- Run through Monday 3:00-4:30pm
- Can non-mozillians come? Yes if they are signed in.
- Reminder email on Monday. Lightning talk on Monday.
- tweet!!!
- Outing afterwards. 1:00-4:00 blocked off. Mini golf or Lunch.
Mixed Content Progress Update
- Bug 803255 - waiting for review
- Bug 802905 - r+ but try failures, so I must have missed some place where we are counting on TYPE_OTHER for csp reports.
Moar TPAC
- ddahl demos a "bridge" api for in-browser encryption and decryption
- lots of CSP 1.0 open issues were hammered out
- 1.1 experimental features were added
- and the webappsec WG wants to find other projects within the charter