Security/AppsProject/LightningNightlyPHP

From MozillaWiki

Item Reviewed

Nightly updates PHP script for Lightning
Target


Introduce the Feature

Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)

We, the Mozilla Calendar Project, would like to provide nightly updates to our users using the addons manager and an update.rdf script, as described here [1]. To do so, I have created a PHP script that serves the right update links based on the current date, the installed build id, the rapid release schedule and a few parameters usually supplied by the addons manager. The script requires no maintenance, as the current goal is to only serve updates for the -central and -aurora channels. Updates on the -beta channel will be served via addons.mozilla.org.

The script can be found in bug 723273 and will likely be put on the generic cluster and served via https only at <https://calendar.mozilla.org>.

[1] https://developer.mozilla.org/en/Extension_Versioning,_Update_and_Compatibility#Automatic_Add-on_Update_Checking

What solutions/approaches were considered other than the proposed solution?


Why was this solution chosen?

AMO not agile enough for add-ons under active development. AMO is appropriate for Beta and Release versions but not nightly.

Any security threats already considered in the design and why?


Threat Brainstorming



Action Items

Action Item Status: None
Release Target:
Action Items:

Note: This was mostly opsec concerns and things were fine on that end.