: Etherpad users! We are developing an extension that will allow you to create pages from etherpads quickly and easily. Please visit our sandbox and help us test it.


From MozillaWiki
Jump to: navigation, search

Non-feature work

  • working group is going
  • criteria is being discussed
  • this list right now is overly granular, will need to be whittled down

Mobile Locale Picker

  • is what they're doing with Aurora/Nightly in line with our best practices ?
    • currently done with xpi over plain http as an add-on for the locale
    • no, they should be protected in some fashion
  • imelven will file a bug against nightly/aurora for this
  • should we file a bug for release even though it's still 'in progress' ?
  • imelven will file a bug for this - XML file should come over SSL, other XPI's come with hash over SSL
  • there is javascript on AMO that installs addons, this gets the hash and downloads the file ddons, this gets the hash and downloads the file over SSL
    • should be done the way it's done for addon and client updates today

Mobile Permissions

  • bug to explain why Fennec wants permissions
  • mbrubeck is thinking about writing a blog post on permissions for Fennec
  • there's ongoing debate about asking for permissions we don't need yet for a better update flow as opposed to being very tight with permissions and only asking for things we actually use
  • debate about whether writing the document will help - 'people only read the market description, don't follow links in it' - but we don't explain why we require whatever permissions anywhere
  • imelven will check if there's a tool to audit permisisons on Android
  • imelven will follow up with Michelle Luna (mobile SUMO)

Moz Camps

  • attendance?
    • Gary - Kuala Lumpur
  • curtis has been invited by Gen Kanai to one in Malaysia to talk sec via yammer

DerbyCon / Louisville Infosec roundup [curtis]

Sec Review Triage

  • moved to Oct-12 in Zombocom
    • will cover untriaged radar items, bugs and assignments

Curtis Travel

  • Trip 17-22 oct
    • will arrive late on 17 so will work from home till mid-day EST then depart

Blog post roundup

DNT round-up

Goals Discussion

  • Remember: Q4 is a short quarter
  • We generally try to have 3 goals per quarter, but may also list other planned activities.
  • We've been asked to consider "mobile first", "how will we use telemetry", and "e10s"

Goals for other teams

Goals for us

  • Telemetry/User Research ? - are there probes or Test Pilot studies we could use to get some useful info ?
    • Get stats on features we want to kill off (enablePrivilege, E4X <- done)
    • Frequency of cert errors (counting each of: expired, self-signed, wrong domain) and OCSP success/failures (nonresponses, server errors, revoked, valid) and frequency of mixed-content encountered (bucket mixed display and mixed scripting)
      • this will help us decide how to prioritize (or de-prioritize) future work on SSL failures, revocation, mixed content work
  • Privacy: unify our reviews (sec/priv) with User Data Council (UDC)
    • make it easy and smooth to get all the right eyeballs involved at the right times.
  • Mobile Fuzzing
    • Get LangFuzz to ARM architecture (Linux/Tegra)
    • Get LangFuzz to mobile (Browser on Android)
      • LangFuzz mobile has dependency on Jetpack
  • Get a plan for sec release quality finalized and ready to socialize (related to non-feature prioritization)

Other things we'll be doing