SecurityEngineering/MeetingNotes/2014-02-06

From MozillaWiki
Jump to: navigation, search

Agenda 2014-02-6 CHAIR: Monica

  • Q1 Goals Recap
    • Cert revocation: doing ok
    • Sandboxing: Slow, billm may pitch in, still on track
    • Tracking protection: may convert into adopting and improving Lightbeam
    • CSP rewriting: ckerschb stalled on MCB maintainance, deprecation of CSP X-header plan in progress
  • https://wiki.mozilla.org/Privacy/Features/Shortened_HTTP_Referer_header
  • referrer policy per-site: bug 966505
  • Readonly update from bobowen (working on follow up bugs to iframe sandbox issues)
    • bug 960506: Source Browsing Context for i/frame src/srcdoc navigation - waiting review.
    • bug 624883: Forbid view-source in frames - r+, waiting for final full try push before landing.
    • bug 951991: Entry Global stuff for bholley - hope to get back to bholley and bz tomorrow with my first set of proposals for places where these changes are needed.
    • After that I'll (or more accurately they'll) know whether I'm going to be able to take this on: bug 885140: Timeouts for sandbox navigation tests - I'll start on this tomorrow.
  • Leftover safebrowsing work
    • Verification of windows binaries complete
    • Converting everything to SSL broke in 29 (already fixed)
  • Cansec West is coming up, dveditz is going
  • Crypto-II Think coming up Feb 24 (sid, grobinson)

Action items: