canmove, Confirmed users, Bureaucrats and Sysops emeriti
2,776
edits
Security/Meetings/2011-11-17: Difference between revisions
Security/Meetings/2011-11-17 (view source)
Revision as of 19:59, 17 November 2011
, 17 November 2011no edit summary
(Created page with "== Updates on Major Projects == * Apps/AppStore - * BrowserID - * Pancake - == CSRF Defense Idea == == Upcoming Events ==") |
No edit summary |
||
| Line 1: | Line 1: | ||
= | = Major Projects = | ||
* Apps/ | * Apps / Appstore | ||
* BrowserID - | * BrowserID | ||
* | * Silent Updates | ||
** Code Signing - https://mana.mozilla.org/wiki/display/INFRASEC/Code+Signing+Security | |||
* HSM Updates | |||
== | = SecGroup Co-ordination= | ||
* curtisk & yvan | |||
= Security content on MDN = | |||
== | * curtisk to sched something with mcoates & sheppy | ||
= CTF = | |||
* [freddy] hosting a CTF competition | |||
* end of Jan | |||
* meeting tomorrow at 2pm PST to start organizing | |||
* custom software with custom vulns - not on the live sites | |||
= Facebook / Twitter Button -- Privacy = | |||
* can not use built-in buttons in a way that is compliant with Moz privacy policies | |||
** this is because tracking is done with these buttons | |||
* building modified buttons that send nothing until a user clicks | |||
* working on content for how to use these in a privacy protecting fashion | |||
- https://bugzilla.mozilla.org/show_bug.cgi?id=701759 | |||
=Where are infra-security reviews scheduled= | |||
* https://wiki.mozilla.org/WebAppSec/Security_Review_Request | |||
* https://mana.mozilla.org/wiki/display/INFRASEC/AppSec+Review+Schedule | |||
* current whiteboard tags [pending secreview][in-progress secreview] | |||
* Bigger projects | |||
* https://wiki.mozilla.org/Security/Reviews/Identity/browserid | |||
** Add bigger meetings to calendar - kickoff, brownbag | |||
=DirectlyResponsibleIndividual= | |||
* someone who is the contact point for cross-over projects | |||
** can engage other people/resources as needed | |||
* reduce the number of people from joint teams attending meetings | |||
* people need to discuss and self-assign | |||
= changing keyword tags (legneato proposal) = | |||
* https://bugzilla.mozilla.org/show_bug.cgi?id=696898 | |||
#security/plat/review/needed ... /complete | |||
#security/infra//review/needed .../complete | |||
Proposal | |||
--------------------------------------- | |||
#(namespace)/..../(leafnode keyword) | |||
Examples: | |||
#relman/triage/needs-info | |||
#relman/triage/defer-to-group | |||
* we really need a good way for people to make a request and for us to figure out rather they know before hand | |||
** the more they have to know to engage us, the less likely they are to do it | |||