SecurityEngineering/MeetingNotes/05-23-13
Agenda
- Q2 Goals - recap
- Updates to the webconsole and potential duplicate messages
- Web Developer Security Training Update - https://etherpad.mozilla.org/SA46DHDEsr
- Volunteers, please, to run the follow-up talks (2.0 in the etherpad)
- Password Knight update
- Mixed content blocker
- The Mixed Content and HSTS topic has surfaced this week (https://bugzilla.mozilla.org/show_bug.cgi?id=838395)
- QA rough results
- 77 sites / Alexa 1,000 have Mixed Content on Firefox
- 60 sites ALL 3 browsers are blocking
- 12 sites Not blocked on just Chrome (IE and Firefox block)
- 3 sites not blocked on IE (Chrome and Firefox block)
- 2 sites not blocked on IE or Chrome (only Firefox blocks)
- https://bugzilla.mozilla.org/show_bug.cgi?id=776278 (Auto-upgrade HTTP iframes to HTTPS). Do we need to do it?
- Awesome bar autoupgrades urls to https - https://bugzilla.mozilla.org/show_bug.cgi?id=769994
- nytimes.com evangelism? Evangelism plan:
- Reports are coming in to the tracking bug
- Finish the QA
- File bugs with whiteboard flags (have contact, no contact, technical details included / not included)
- Write a blog post to the community asking for help
- Goal Setting / Work Planning for Q3
- Need to figure out a way to do this in a good way, and not at the last minute. Need a place to document potential work items and a way to reach agreement on what is important to work on.
- Password Security - bsmith
- PSM/NSS Documentation
- OCSP stapling testing - bug 700693
- Meet-up: week of june 17, MTV