Firefox3/Security Review Template

From MozillaWiki
< Firefox3
Revision as of 08:56, 23 July 2008 by Dveditz (talk | contribs)
Jump to navigation Jump to search

_NOTOC_

Overview

Describe the goals and objectives of the feature here.

Background links

  • feature-tracking bug links
  • specs or design docs


Security and Privacy

  • What security issues do you address in your project?
  • Is system or subsystem security compromised in any way if your project's configuration files / prefs are corrupt or missing?
  • Include a thorough description of the security assumptions, capabilities and any potential risks (possible attack points) being introduced by your project.

Exported APIs

  • Please provide a table of exported interfaces (APIs, ABIs, protocols, UI, etc.)
  • Does it interoperate with a web service? How will it do so?
  • Explain the significant file formats, names, syntax, and semantics.
  • Are the externally visible interfaces documented clearly enough for a non-Mozilla developer to use them successfully?
  • Does it change any existing interfaces?

Reliability

  • What failure modes or decision points are presented to the user?
  • Can its files be corrupted by failures? Does it clean up any locks/files after crashes?

Installation, Upgrade/Downgrade/Sidegrade, and platform requirements

  • Does it equally support all Tier-1 platforms?
  • Does is have a hardware requirement (or increase minimum requirements)?
  • Does it require changes to the installer?
  • Does it impact updates?
  • list the expected behavior of this feature/function when Firefox is upgraded to a newer minor release, downgraded by installation of an earlier revision, or re-installed (same version)

configuration

  • Can the end user configure settings, via a UI or about:config? Hidden prefs? Environment variables?
  • Are there build options for developers? [#ifdefs, ac_add_options, etc.]
  • What ranges for the tunable are appropriate? How are they determined?
  • What are its on-going maintenance requirements (e.g. Web links, perishable data files)?

Relationships to other projects - are there related projects in the community?

  • If so, what is the proposal's relationship to their work? Do you depend on others' work, or vice-versa?
  • Are you updating, copying or changing functional areas maintained by other groups? How are you coordinating and communicating with them? Do they "approve" of what you propose?
Retrieved from "https://wiki.allizom.org/index.php?title=Firefox3/Security_Review_Template&oldid=101692"