Security/B2G/2013 2 27
Contents
- 1 FirefoxOS Security Team Meeting
- 1.1 News
- 1.2 Current/upcoming Reviews
- 1.3 Goal Status Updates
- 1.3.1 1. FirefoxOS related security reviews (owner: pauljt)
- 1.3.2 2. Document Firefox OS Security (owner: dchan)
- 1.3.3 3. Develop and land tests for security features (owner: dchan)
- 1.3.4 4.Engage communities & third-parties for Firefox OS security review and testing (owner: pauljt)
- 1.3.5 5. Drive OS-layer security improvement (owner: kang)
- 1.3.6 6. Secure app developer/reviewer guidelines/tools (owner: rforbes)
- 1.4 Other Items
FirefoxOS Security Team Meeting
1pm PST, B2G Vidyo room Prior notes are here: https://wiki.mozilla.org/Security/B2G/2013_2_20
News
- Docs need help!: (https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/Security)
- Focus on gaia reviews (aim to complete by 13th)
Upcoming features:
Current/upcoming Reviews
Goal Status Updates
Good progress so far, just need to keep pushing - 1 of each per week will get us there, at current rate. https://wiki.mozilla.org/Security/B2G/Reviews
- Gecko: 17 bugs remaining:
https://bugzilla.mozilla.org/showdependencytree.cgi?id=754730&maxdepth=1&hide_resolved=1
- Gaia: 9 (or close to 7) bug remaining:
https://bugzilla.mozilla.org/showdependencytree.cgi?id=748190&maxdepth=1&hide_resolved=1 PT- done homescreen & e.me
2. Document Firefox OS Security (owner: dchan)
Draft Plan: https://security.etherpad.mozilla.org/MDN-Firefox-OS [pt] Started the app security page : https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/Security/Application_security Note that the permissions page wont need to have the matrix https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/Security/Security_model is the https://wiki.mozilla.org/B2G/Architecture/Runtime_Security page, but needs updating
3. Develop and land tests for security features (owner: dchan)
after doco.
4.Engage communities & third-parties for Firefox OS security review and testing (owner: pauljt)
Draft Plan: https://etherpad.mozilla.org/foxhunt
Preliminary list of Tasks finished, lots of open questions still
5. Drive OS-layer security improvement (owner: kang)
Communication to get kernel sources ceased :( New secure adb in Android 4.2.2 http://android-developers.blogspot.com/2013/02/security-enhancements-in-jelly-bean.html Filled bug https://bugzilla.mozilla.org/show_bug.cgi?id=842747
6. Secure app developer/reviewer guidelines/tools (owner: rforbes)
Other Items
App signing: https://etherpad.mozilla.org/dLWLvIJr4o Security Testing Blog Post