SecurityEngineering/MeetingNotes/2014-02-06
From MozillaWiki
Agenda 2014-02-06 CHAIR: Monica
- Q1 Goals Recap
- Cert revocation: doing ok
- Sandboxing: Slow, billm may pitch in, still on track
- Tracking protection: may convert into adopting and improving Lightbeam
- CSP rewriting: ckerschb stalled on MCB maintenance, deprecation of CSP X-header plan in progress
- https://wiki.mozilla.org/Privacy/Features/Shortened_HTTP_Referer_header
- referrer policy per-site: bug 966505
- Read-only update from bobowen (working on follow-up bugs to iframe sandbox issues)
- bug 960506: Source Browsing Context for i/frame src/srcdoc navigation - waiting review.
- bug 624883: Forbid view-source in frames - r+, waiting for final full try push before landing.
- bug 951991: Entry Global stuff for bholley - hope to get back to bholley and bz tomorrow with my first set of proposals for places where these changes are needed.
- After that I'll (or more accurately they'll) know whether I'm going to be able to take this on: bug 885140: Timeouts for sandbox navigation tests - I'll start on this tomorrow.
- Leftover safebrowsing work
- Verification of windows binaries complete
- Converting everything to SSL broke in 29 (already fixed)
- CanSecWest is coming up, dveditz is going
- Crypto-II Think coming up Feb 24 (sid, grobinson)
Action items:
- Sid: Send out doodle or email for new UK-friendly meeting time
- THIS: http://doodle.com/q2zmnpqbidmayiir
- DUE NEXT WEEK. FILL IT OUT NAUGH!
- Garrett: Send mail to dev-security about CSP X-header deprecation plan
- also maybe some mozilla web-dev lists/folks? I guess we're not using it much anymore
- probably need to update bsterne's wordpress plugin! (used on the Mozilla security blog)
- Garrett: send mail about the new security module to governance
- send note to dev-platform as well
- Sid: Update shared bugzilla search: https://bugzilla.mozilla.org/buglist.cgi?cmdtype=dorem&remaction=run&namedcmd=seceng%20waiting%20for%20reviews&sharer_id=339203&list_id=9382152