Plugins:PluginDirectory:2010-03-26: Difference between revisions

Line 19: Line 19:
*** Les: Not sure, pending a close look at the bugs so far.
*** Les: Not sure, pending a close look at the bugs so far.
* Notification system  
* Notification system  
** Who should be notified when changes happen?
*** Les: A list would be nice; that, and/or I could look at building an admin tool and per-user preferences to manage who gets notifications
*** chofmann: maybe security@mozilla.org and maybe donner/qa to check out the change and validate content that will be served.
** Who should be on the hook to confirm changes?
*** Les: Hopefully not me; would be nice to have someone security-minded and plugin-informed to keep on top of it.  I can help build the tools, but would rather not also be the manager of the data.
*** maybe some model like we have for addons.  trusted group of amo-admins/editors reviews addons before they are released from the sandbox
** Who builds this into the directory?
*** Les: Probably me.
* Passwords
* Passwords
** Already changed admin and editor passwords.
** Already changed admin and editor passwords.
Line 45: Line 37:
*** Les: Probably me.
*** Les: Probably me.
*** Austin: If plugindir is compromised, then the webheads should be taken offline. The plugin check page will show an error (already built). We will have to take it offline to do intrusion detection analysis. This is my guess, probably need input from security before we build this, but maybe there is nothing to build?
*** Austin: If plugindir is compromised, then the webheads should be taken offline. The plugin check page will show an error (already built). We will have to take it offline to do intrusion detection analysis. This is my guess, probably need input from security before we build this, but maybe there is nothing to build?
* Auditing Tools (chofmann: this auditing stuff should just be treated as an extension of the notification system mentioned above.)
** Who should be notified when changes happen?
*** Les: A list would be nice; that, and/or I could look at building an admin tool and per-user preferences to manage who gets notifications
*** chofmann: maybe security@mozilla.org and maybe donner/qa to check out the change and validate content that will be served.
** Who should be on the hook to confirm changes?
*** Les: Hopefully not me; would be nice to have someone security-minded and plugin-informed to keep on top of it.  I can help build the tools, but would rather not also be the manager of the data.
*** maybe some model like we have for addons.  trusted group of amo-admins/editors reviews addons before they are released from the sandbox
** Who builds this into the directory?
*** Les: Probably me.
* Auditing Tools (chofmann: this auditing stuff should just be treated as an extension/next steps of the notification system mentioned above.)
** Need tools to be able to audit activity with Plugins.
** Need tools to be able to audit activity with Plugins.
** Need to create logs in order to track activity.
** Need to create logs in order to track activity.