SecurityEngineering/MeetingNotes/06-20-13: Difference between revisions
Jump to navigation
Jump to search
(Created page with "= Standing Agenda = * Q2 Goals Recap ( https://intranet.mozilla.org/2013Q2Goals#Security_Engineering ) * Review roadmap priorities to ensure they accurately reflect active pro...") |
|||
| Line 10: | Line 10: | ||
* [ON TRACK] land the application reputation scanning tool bug 662819 (mmc) | * [ON TRACK] land the application reputation scanning tool bug 662819 (mmc) | ||
* [DONE] Turn Mixed Content Blocking on in Aurora (tanvi) | * [DONE] Turn Mixed Content Blocking on in Aurora (tanvi) | ||
** https://bugzilla.mozilla.org/show_bug.cgi?id=843977 | |||
** https://bugzilla.mozilla.org/show_bug.cgi?id=844556 | |||
** https://bugzilla.mozilla.org/show_bug.cgi?id=843977 | |||
** Telemetry : https://bugzilla.mozilla.org/show_bug.cgi?id=781018 | |||
* [ON TRACK] land classic cert validation replacement, off by default (bsmith) builds on all platforms, same revovation as classic, pending tests for edge case certtificates (certificate usages & chain building). | * [ON TRACK] land classic cert validation replacement, off by default (bsmith) builds on all platforms, same revovation as classic, pending tests for edge case certtificates (certificate usages & chain building). | ||
** https://bugzilla.mozilla.org/show_bug.cgi?id=878932 | |||
* [ON TRACK] land OCSP stapling support and tests (keeler) | * [ON TRACK] land OCSP stapling support and tests (keeler) | ||
** https://bugzilla.mozilla.org/show_bug.cgi?id=700693 | |||
* [ON TRACK] Revamp the MDN documentation of CSP and Mixed Content Blocker (imelven + tanvi) | * [ON TRACK] Revamp the MDN documentation of CSP and Mixed Content Blocker (imelven + tanvi) | ||
* [ON TRACK] Develop & socialize plan (document containing steps, timeline, implementation & test plan) for getting sandboxing onto a desktop Firefox, probably Linux (imelven) | * [ON TRACK] Develop & socialize plan (document containing steps, timeline, implementation & test plan) for getting sandboxing onto a desktop Firefox, probably Linux (imelven) | ||
* https://wiki.mozilla.org/Electrolysis/Roadmap | ** https://wiki.mozilla.org/Electrolysis/Roadmap | ||
** https://bugzilla.mozilla.org/show_bug.cgi?id=790923 | |||
* [ON TRACK] Deploy pilot cookie study and publish results. (ddahl) | * [ON TRACK] Deploy pilot cookie study and publish results. (ddahl) | ||
= Agenda = | = Agenda = | ||
* Ivan wants to say something before we start : better communication around what we're doing and links to bugs/feature pages etc that provide background etc. - follow people on bugzilla | * Ivan wants to say something before we start : better communication around what we're doing and links to bugs/feature pages etc that provide background etc. - follow people on bugzilla | ||
Revision as of 21:09, 27 June 2013
Standing Agenda
- Q2 Goals Recap ( https://intranet.mozilla.org/2013Q2Goals#Security_Engineering )
- Review roadmap priorities to ensure they accurately reflect active projects and Mozilla's priorities
- Suggest additions or changes to roadmaps
- Detailed discussion of features or outstanding issues as time permits
- Additional Items
- Upcoming events, OOO/travel, etc.
Last week: https://wiki.mozilla.org/SecurityEngineering/MeetingNotes/06-06-13
Q2 Goals
- [ON TRACK] land the application reputation scanning tool bug 662819 (mmc)
- [DONE] Turn Mixed Content Blocking on in Aurora (tanvi)
- [ON TRACK] land classic cert validation replacement, off by default (bsmith) builds on all platforms, same revovation as classic, pending tests for edge case certtificates (certificate usages & chain building).
- [ON TRACK] land OCSP stapling support and tests (keeler)
- [ON TRACK] Revamp the MDN documentation of CSP and Mixed Content Blocker (imelven + tanvi)
- [ON TRACK] Develop & socialize plan (document containing steps, timeline, implementation & test plan) for getting sandboxing onto a desktop Firefox, probably Linux (imelven)
- [ON TRACK] Deploy pilot cookie study and publish results. (ddahl)
Agenda
- Ivan wants to say something before we start : better communication around what we're doing and links to bugs/feature pages etc that provide background etc. - follow people on bugzilla
- Rapid Q2 Goals Recap
- Platform meeting [ian] - Tuesdays 11am PST
- Training - please review the slides !
- Take a look at Agenda for next week (https://l33t.etherpad.mozilla.org/20 )
- e10s roadmap concerns
more bugs: TLS Bugs: (gracefully degrade from TLS 1.1 -> TLS 1.0 -> SSL 3.0) https://bugzilla.mozilla.org/show_bug.cgi?id=733647 https://bugzilla.mozilla.org/show_bug.cgi?id=839310 DTLS Bug(s): (interesting 'cause it will force you to read the DTLS spec) https://bugzilla.mozilla.org/show_bug.cgi?id=882310 JavaScript Crypto Bugs: (turns out the crypto in JS stuff is not that difficult to grok) https://bugzilla.mozilla.org/show_bug.cgi?id=849553 NSS is sometimes not your friend Bugs (nss does weird things when shutting down) https://bugzilla.mozilla.org/show_bug.cgi?id=675260 https://bugzilla.mozilla.org/show_bug.cgi?id=700499 https://bugzilla.mozilla.org/show_bug.cgi?id=700499