Security/Meetings/SecurityAssurance/2012-05-22

From MozillaWiki


  • Time: (Weekly) Tuesday at 13:30 PM PDT / 16:30 PM EDT / 21:30 PM UTC.
  • Place: Mozilla HQ, 3A-All Your Base (3rd Floor)
  • Phone (US/Intl): 650 903 0800 x92 Conf: 95316#
  • Phone (Toronto): 416 848 3114 x92 Conf: 95316#
  • Phone (US): 800 707 2533 (pin 369) Conf: 95316#

Agenda

Security Review Status (koenig)

Project Updates

Please don't leave blank. Add "No Update" if nothing has changed

Silent updates (rforbes / dveditz)

B2G (Paul Theriault --> & David Chan)

  • (Welcome david!! :)
B2G starting to be tracked a little more, making secreview easier to plan
https://docs.google.com/spreadsheet/ccc?key=0AiBigu584YY7dGlNSlY0QzhJb3M5anRBa1gxalV0Y3c#gid=0

  • Gaia now more detailed in the spreadsheet - yvan we should plan external review soon tomorrow
  • Meeting with Jlebar this morning to further refine the permissions model
  • Gaia hacking day next week? Any interest?

Thunderbird (Dan Veditz)

Rust (Jesse Ruderman)

Mobile (David Chan --> Mark Goodwin)

  • no update

Sync (David Chan --> Simon & Adam)

  • android sync update to beta before end of quarter

Services (David Chan --> Simon & Adam)

  • tokenserver review underway
  • notifications needs review

Social - Pancake (Mark Goodwin)

Hoping for limited public release in 2 weeks' time. Only major worry is around CEF logging - they've implemented a mechanism in tornado for doing this, but work to actually satisfy my logging requirements will take longer than anticipated. They're asking if this is a blocker...

  • Not for beta release. Yes for public release

Jetpack, Add-on SDK, Add-on Builder (Dan Veditz)

JS (Christian Holler)

  • IonMonkey fuzzing going on, bug frequency decreasing (hooray!). \o/
  • First round of OOM testing on IonMonkey complete
  • Differential testing can start soon

DOM, XPConnect (Jesse Ruderman)

Layout, Style (Jesse Ruderman)

Automation Tools (Gary Kwong)

  • MozTrap went live to production, thanks to everyone who helped w/ secreviews
  • [decoder] domfuzz addon now deployed on Tegras (Fennec Native) for fuzzing

Web Developer Tools (Mark Goodwin)

  • Busy week; Netmonitor review yesterday (this is looking mostly OK), remote debugger / debugger UI review coming on Thursday. Please attend if possible; debugger exposes powerful functionality.

Networking (Christoph Diehl)

Graphics (Christoph Diehl)

  • VP8 fuzzing as requested by dveditz

Networking (Media / Codecs)

Market (Raymond Forbes)

Firefox APIs (Raymond Forbes)

  • finishing up review of mozApps navigator

Payment Flow (Raymond Forbes)

App Sync (David Chan)

  • client review underway

Dynamic API Security Model (Raymond Forbes)

WebRT (Raymond Forbes)

BrowserID (Yvan Boily)

  • RFP Responses in, evaluation upcoming
  • Continuing review of sign into browser / browsing context providers

Identity Services (David Chan --> Yvan Boily / Adam Muntner)

  • no update

Addons.M.O (Raymond Forbes)

Bugzilla.M.O (Mark Goodwin & Eric Parker)

  • Still awaiting some fixes to TellUsMore before I can close out review (but looks good)
  • Outstanding whitehat reported bugs - please investigate/triage

Mozillians (Raymond Forbes)

MDN (Raymond Forbes)

SUMO (Kitsune) ()