• Time: (Weekly) Tuesday at 13:30 PM PDT / 16:30 PM EDT / 21:30 PM UTC.
• Place: Mozilla HQ, 3A-All Your Base (3rd Floor)
• Phone (US/Intl): 650 903 0800 x92 Conf: 95316#
• Phone (Toronto): 416 848 3114 x92 Conf: 95316#
• Phone (US): 800 707 2533 (pin 369) Conf: 95316#

Agenda

• Welcome Michael Henry
• update on tag merger (curtisk)
  • possible issue with information leakage: https://bugzilla.mozilla.org/describekeywords.cgi reveals accurate counts
    • Maybe this isn't a big deal, because sec-critical covers multiple products and services
      • But csec-buffer-overrun doesn't quite as much...
    • Maybe this isn't really a change, because you could always calculate the difference between "assertion" and "crash" keyword counts and visible bugs in queries
    • Maybe this isn't a big deal, because you could always figure out what the numbers were two months ago, and assume today isn't much different.
    • Maybe we should chat with PR about this.
• q2 goals
  • skipping due to confusion over which list of goals is the "real" one, and we're missing mcoates
• https://wiki.mozilla.org/Security/Reviews/WebRT was interesting

second half

Project updates

JavaScript

• [decoder] JSBugMon - Script that can automatically reproduce JS engine bugs from the bug report. Can verify security bugs, reconfirm or close open bugs, etc. https://github.com/mozilla/JSBugMon