SecurityEngineering/MeetingNotes/06-20-13

Revision as of 21:08, 27 June 2013 by Imelven

Standing Agenda

  • Q2 Goals Recap ( https://intranet.mozilla.org/2013Q2Goals#Security_Engineering )
  • Review roadmap priorities to ensure they accurately reflect active projects and Mozilla's priorities
  • Suggest additions or changes to roadmaps
  • Detailed discussion of features or outstanding issues as time permits
  • Additional Items
  • Upcoming events, OOO/travel, etc.

Last week: https://wiki.mozilla.org/SecurityEngineering/MeetingNotes/06-06-13

Q2 Goals

  • [ON TRACK] land the application reputation scanning tool bug 662819 (mmc)
  • [DONE] Turn Mixed Content Blocking on in Aurora (tanvi)
   https://bugzilla.mozilla.org/show_bug.cgi?id=843977
   https://bugzilla.mozilla.org/show_bug.cgi?id=844556
   Telemetry : https://bugzilla.mozilla.org/show_bug.cgi?id=781018
  • [ON TRACK] land classic cert validation replacement, off by default (bsmith): builds on all platforms, same revocation as classic, pending tests for edge case certificates (certificate usages & chain building).
   https://bugzilla.mozilla.org/show_bug.cgi?id=878932
  • [ON TRACK] land OCSP stapling support and tests (keeler)
   https://bugzilla.mozilla.org/show_bug.cgi?id=700693
  • [ON TRACK] Revamp the MDN documentation of CSP and Mixed Content Blocker (imelven + tanvi)
  • [ON TRACK] Develop & socialize plan (document containing steps, timeline, implementation & test plan) for getting sandboxing onto a desktop Firefox, probably Linux (imelven)
   https://wiki.mozilla.org/Electrolysis/Roadmap
   https://bugzilla.mozilla.org/show_bug.cgi?id=790923
  • [ON TRACK] Deploy pilot cookie study and publish results. (ddahl)

Agenda

  • Ivan wants to say something before we start: better communication around what we're doing, with links to bugs/feature pages etc. that provide background - follow people on bugzilla
  • Rapid Q2 Goals Recap
  • Platform meeting [ian] - Tuesdays 11am PST
  • Training - please review the slides!
  • Take a look at Agenda for next week (https://l33t.etherpad.mozilla.org/20)
  • e10s roadmap concerns

More bugs:

  • TLS Bugs: (gracefully degrade from TLS 1.1 -> TLS 1.0 -> SSL 3.0)
   https://bugzilla.mozilla.org/show_bug.cgi?id=733647
   https://bugzilla.mozilla.org/show_bug.cgi?id=839310
  • DTLS Bug(s): (interesting 'cause it will force you to read the DTLS spec)
   https://bugzilla.mozilla.org/show_bug.cgi?id=882310
  • JavaScript Crypto Bugs: (turns out the crypto in JS stuff is not that difficult to grok)
   https://bugzilla.mozilla.org/show_bug.cgi?id=849553
  • NSS is sometimes not your friend Bugs: (nss does weird things when shutting down)
   https://bugzilla.mozilla.org/show_bug.cgi?id=675260
   https://bugzilla.mozilla.org/show_bug.cgi?id=700499