Firefox/Privacy and Security Front-End/OKRs/2017Q4: Difference between revisions

Firefox/Privacy and Security Front-End/OKRs/2017Q4 (view source)

Revision as of 17:01, 23 January 2018

1,473 bytes added , 23 January 2018

christoph okrs

Nyee

666

edits

@@ Line 158: / Line 158: @@
 |align="left"| 6.1 Set the correct triggering principal for top-level loads by completing 12 remaining bugs.
 | Christoph & Kate
-|align="center"|
+|align="center"| --
-|align="center"|
+|align="center"| --
 |align="center"| 0%
-|align="center"|
+|align="center"| --
-|align="center"|
+|align="center"| 7%
 |
 *
 |
-* 12 remaining bugs
+* Dec 13
+** 12 remaining bugs
+* Jan 22
+* Much of the ground work was completed in Bug 1374741. This bug is 90% complete.
 |-
 |rowspan=3| 7. Enable web developers to produce secure web sites through use of relevant web standards, increased test coverage via web-platform tests & parity with other browsers
 |align="left"| 7.1 Update Mixed Content Implementation per Spec
 | Christoph & Kate
-|align="center"|
+|align="center"| --
-|align="center"|
+|align="center"| --
-|align="center"|
+|align="center"| --
-|align="center"|
+|align="center"| --
-|align="center"|
+|align="center"| 30%
 |
-*
+* part 1: where did we differ from the spec 30%
+* part 2: implementing the differences from the spec.70%
 |
-* this was split into two parts
+* this was split into two parts but actual implementation never happened.
 |-
 |align="left"| 7.2 Land CSP Violation reports and enable web-platform tests
-| Ethan
+| Ethan/ Christoph
-|align="center"|
+|align="center"| --
 |align="center"| 75%
 |align="center"| 100%
-|align="center"|
+|align="center"| --
-|align="center"|
+|align="center"| 90%
 |
-* [https://bugzilla.mozilla.org/show_bug.cgi?id=1037335 Bug 1037335 - CSP: Implement security violation events]
+* [https://bugzilla.mozilla.org/show_bug.cgi?id=1432523 Bug 1432523- Switch pref to enable CSP violation reports]
 |
 * already have patch and has been reviewed. Spec is missing core aspects. Email thread circulating. Might have to revise spec.
@@ Line 196: / Line 200: @@
 * team has filed bugs the missing core aspects
 ** Bug ID: 1418241, 1418246, 1418243, 1418236
+* Jan 23
+** Bugs 1418236, 1418241, 1418246 have not landed yet.
+** Moreover, after all dependent bugs land, we would need to enable the pref [https://bugzilla.mozilla.org/show_bug.cgi?id=1432523 Bug 1432523]
+** Bugs that have landed in nightly have enable web platform tests that provide a huge benefit additional test coverage across browsers. Therefore we are scoring this at 90%.
 |-
 |align="left"| 7.3 Land CSP worker-src
+| Christoph
+|align="center"| --
+|align="center"| --
+|align="center"| --
+|align="center"| --
+|align="center"| 100%
 |
-|align="center"|
+* [https://bugzilla.mozilla.org/show_bug.cgi?id=1302667 Bug 1302667 - CSP: Implement 'worker-src']
-|align="center"|
-|align="center"|
-|align="center"|
-|align="center"|
-|
-*
 |
-*
+* Jan 23
+** Bug was fixed in Fx 58.
 |-
 | 8. Protect users from data: URI phishing attacks
 |align="left"| 8.1 Enable toplevel data: URI navigation blocker
-|
+| Christoph
-|align="center"|
+|align="center"| --
-|align="center"|
+|align="center"| --
-|align="center"|
+|align="center"| --
-|align="center"|
+|align="center"| --
-|align="center"|
+|align="center"| 100%
 |
-*
+* [https://bugzilla.mozilla.org/show_bug.cgi?id=1401895 1401895 - Block top-level navigations to data: URIs]
+* [https://blog.mozilla.org/security/2017/11/27/blocking-top-level-navigations-data-urls-firefox-58/ Blog Post]
 |
-*
+* Jan 23
+** Bug was fixed in 59. Blog post went out when fixed.
 |-
 | 9. Enable Firefox developers to query referrer (including policy) information from a single source of truth.
 |align="left"| 9.1 Revamp referrer policy setup
-| <s>Tanvi</s> Francois
+| <s>Tanvi</s> Christoph
 |align="center"| --
 |align="center"| --
 |align="center"| --
 |align="center"| --
-|align="center"| 50%
+|align="center"| 10%
 |
 *
 |
 * Jan 22
-** Francois and Christoph sat down with Thomas (TPE) and agreed upon plan. No implementation work has started.
+** Initial document is [https://docs.google.com/document/d/1rN6hkuoKMWY8qDgGXmsZqT1mgUMnW_4SI2NjDuNFSdA/edit#heading=h.4s3y53gwp6xq here]. Francois and Christoph sat down with Thomas (TPE) and went over document because there were missing pieces. They sketched out a plan during a whiteboard session addressing the concerns but no documentation of event. No implementation work has started.
 |-
 | 10. Lay foundation for shipping Breach Alerts
@@ Line 252: / Line 263: @@
 |rowspan=2| 11. Improve Firefox privacy by implementing W3C spec of Referrer Policy
 |align="left"| 11.1 Land Referrer Policy support for CSS
-| Ethan
+| Ethan/ Christoph
 |align="center"| --
 |align="center"| 100%
 |align="center"| 75%
 |align="center"| --
-|align="center"| --
+|align="center"| 80%
 |
 * [https://bugzilla.mozilla.org/show_bug.cgi?id=1330487 Bug 1330487 - Implement referrer policy for CSS]
@@ Line 264: / Line 275: @@
 ** patches are under review. dbaron has provied feedback to change patches. turns out to be more complex than originally intended because of servo code. tnguyen is working on patch this week.
 *Jan 22
-** No resources or status to score OKR
+** TPE resource was working on this. Bug is almost completed but resource was pulled off this project.
 |-
 |align="left"| 11.2 Land Referrer Policy support for downloads
-| Ethan
+| Ethan/ Christoph
 |align="center"| --
 |align="center"| 100%
 |align="center"| 80%
 |align="center"| --
-|align="center"| --
+|align="center"| 100%
 |
 * [https://bugzilla.mozilla.org/show_bug.cgi?id=1073187 Bug 1073187 - add referrer policy support to Downloads.jsm]
@@ Line 279: / Line 290: @@
 ** patches are waiting for review. have been waiting for review for 7+ days.
 *Jan 22
-** No resources or status to score OKR
+** Bug landed in fx 59.
 |-
 |rowspan=2| 12. Provide Firefox users an approach to protect against browser fingerprinting