Personal tools

Security/Meetings/2011-11-16

From MozillaWiki

Jump to: navigation, search

Contents

Sync update

Bugzilla metrics

  • need feedback from team that bugs are OK
    • dveditz & bsterne to review by Friday
  • curtisk wants to wrap this up

Silent Updates update

  • things are on track from all sides

Mozilla Inbound security fixes (request from edmorley)

  • we suggest that either the mergers apply for s-g access or email security@ directly and we will take care of it
  • also possibly provide a list of who has s-g and can do this and when they're around - there's a wiki page of this already

Travel / people stuff

  • Gary in KL for MozCamp Asia
  • Curtis back from EU MozCamp
    • interesting possible theme issue
  • Curtis in MV Dec 4-9
  • Sid PTO Nov 28 (Monday), Dec 1-5 (W-M)
  • David PTO Nov 21 / Dec 5 (Monday)
  • Thanksgiving Holiday USA Nov 24-25 - US employees unavailable

NSS extensibility

Protocol

  • Show up on time, please
  • Don't let sid be a blocker to start the meeting

Privacy Reviews

SecReview stuff

  • meeting invites sent for 2012
  • meeting setup for triage (ever other week)
    • anyone is welcome to attend from secteam, mandatory have been invited directly
  • [bsterne] Lightning talk at the next Mon meeting - Security is _not_ an Option
    • if you are making changes or shipping a new product or service that affects our users, you should be engaging with the Security Team before you ship
    • it is more expensive to fix bugs the later in the dev cycle they are found
      • even worse for design problems that aren't tackled in the design stage
    • show the "menu" of services that sec team provides, starting with lightest weight
    • this is not optional

Recent Security Reviews

Navigation Timing API Enable storing files in IndexedDB Android System

SOPA

Firefox 2012 Product Vision

  • includes non-feature work (integrity/quality programs like security)
  • Fairly big focus on security/privacy for the roadmap/vision statement from Asa