SecurityEngineering/MeetingNotes/08-09-12

From MozillaWiki

Discussion

  • Search results vs Domains in URL Bars on Firefox DESKTOP. Is someone working on this?

(We check the domain, and if the request gives a 404, do we fall back to search? What if a user mistypes the domain name? Would they prefer the 404 over the search results? etc.)

    • 2 issues - users go to domains they don't intend to, and Google knows what domains you are going to (e.g., mistype a domain name and go to a search)
    • Designing a study to get more info on this - [1], [2]
    • How do you change the default search engine?
    • Can add an icon to the left that indicates whether it's going to a domain or going to search. And we could click that icon to change it.
    • If the user presses Command-K, they mean search. With Command-L, they mean go to that URL.
    • Tanvi to figure out who's driving this feature
  • MOBILE - Android Search suggestions... are they on by default?
    • see thread on dev.planning titled "Re: [Privacy Reviews]Call For Comments: Google Suggest in Android"
  • Process sandboxing & addons
    • we have _some_ data about addons and the patterns they use - but not enough
    • we would like to have better data to answer the question: what % of users could be sandboxed without any changes? with addons making some simple change?
    • we could potentially focus on newer platforms where we are already accepting add-on breakage and don't have legacy UI, for example, Windows 8 and Android
    • Marshall and Kris Maglione (add-ons) are going to be looking into this over the next week
  • CSP sandbox - priority?
    • iframe sandbox is only part of the sandboxing content story
    • It's valuable to be able to sandbox an arbitrary document without having a parent document
    • Not slowing down iframe sandbox, but we should follow up closely with the CSP sandbox to have a complete sandboxing story.
  • SEHOP - how do we get this landed?
    • it's not on at all for Firefox
    • easy for folks running nightly to try it (registry change)
    • We should blog about it, and then maybe try it out in nightly. Have people try it out, since Ian seems to have no problems with it enabled.
    • try to get this up on the security blog
  • B2G - update
    • Reams and reams of update messages going out in various channels.
    • Lucas is gonna combine the security model wiki pages into one central spot.
    • Need to make sure the code reflects the model (write some automated tests)
    • Design for updates is coming
  • MozCamp - hackathon event probably not happening.