Security/Meetings/SecurityAssurance/2012-06-26

From MozillaWiki
Jump to: navigation, search


« previous week | index | next week »
  • Time: (Weekly) Tuesday at 13:30 PM PDT / 16:30 PM EDT / 21:30 PM UTC.
  • Place: Mozilla HQ, 3A-All Your Base (3rd Floor)
  • Phone (US/Intl): 650 903 0800 x92 Conf: 95316#
  • Phone (Toronto): 416 848 3114 x92 Conf: 95316#
  • Phone (US): 800 707 2533 (pin 369) Conf: 95316#

Agenda

Security Review Status (koenig)

Operations Security Update (Joe Stevensen)

Project Updates

Please don't leave blank. Add "No Update" if nothing has changed

Silent updates (rforbes / dveditz)

B2G (Paul Theriault, David Chan)

  • now moving to a packaged format for installed apps (some decision at the work week)

Thunderbird (Adam Muntner)

Rust (Jesse Ruderman)

  • dev-servo mailing list has picked up this week

Mobile (Mark Goodwin)

  • Firefox 14 is out!! Grab it, rate it, tell your friends.
  • Engineering meeting is happening tomorrow; I'm hoping to attend.

Sync (Simon Bennetts & Adam Muntner)

Services (Simon Bennetts & Adam Muntner)

Social - Pancake (Mark Goodwin)

  • Pancake will be submitted for App Store review any time about now; hoping to have a (limited) public release in about 2 weeks.

Jetpack, Add-on SDK, Add-on Builder (Dan Veditz)

JS (Christian Holler)

  • [gkw & Jesse] jsfunfuzz is now running on Releng hardware! \o/
  • What's the status of Ionmonkey?
    • m-c landing apparently delayed for 2-3 more weeks

DOM, XPConnect (Jesse Ruderman)

Layout, Style (Jesse Ruderman)

  • [decoder] Control harnesses for domfuzz instances on Tegras now migrated to one of our internal servers and running again.

Automation Tools (Gary Kwong)

  • No update

Web Developer Tools (Mark Goodwin)

  • Hackday for GCLI commands is currently in progress. Ideas can be submitted here: https://etherpad.mozilla.org/command-line-hackathon - I think there are loads of things we could do easily that would be useful for security people; the devtools team would really welcome your input.
  • or, if you'd prefer to write your own (it's easy), the docs start here: https://developer.mozilla.org/en/Tools/GCLI
  • Also, CSP violations will start appearing soon in the Web Console of a Nightly near you <- actually, it's in inbound now :)

Networking (Christoph Diehl)

No update - working on fuzzer internals

Graphics (Christoph Diehl) =

No update - working on fuzzer internals

Networking ( Media / Codecs)

Market (Raymond Forbes)

payments update

Firefox APIs (Raymond Forbes)

App Sync (David Chan)

no update

Dynamic API Security Model (Raymond Forbes)

WebRT (Raymond Forbes)

no update

BrowserID

  • [yvan] Wide-ranging security review coming up. It will cover EVERYTHING BrowserID.

Identity Services (David Chan)

no update

Addons.M.O (Raymond Forbes)

Bugzilla.M.O (Mark Goodwin & Eric Parker)

No update

Mozillians (Raymond Forbes)

MDN (Raymond Forbes)

SUMO (Kitsune) ()