SecurityEngineering/MeetingNotes/08-29-13

From MozillaWiki

Standing Agenda

  • Q3 Goals Recap ( https://wiki.mozilla.org/SecurityEngineering/2013/Q3Goals#Q3_Goals )
  • Review roadmap priorities to ensure they accurately reflect active projects and Mozilla's priorities
  • Suggest additions or changes to roadmaps
  • Detailed discussion of features or outstanding issues as time permits
  • Additional Items
  • Upcoming events, OOO/travel, etc.
  • Third Party Cookie Blocking Questions from Andreas
    • How effective is cookie blocking? mmc: pre hashed and not let the perfect be the enemy of the good.
  • Click-to-play Java by default question by Brendan: https://twitter.com/BrendanEich/status/372518877378252800
  • Tanvi's point about politically contentious stuff being a timesink
    • Do we need a project manager?
    • Are there other ways we can maximize productivity and minimize PR-ish and project management type things?
    • Figure out a way for us to do more technical work and less people oriented tasks.
  • Productivity tips:
    • ./mach bootstrap (don't run crappy version of hg (and python and all its deps))
    • ./mach mercurial-setup (<3 mqext)
  • r- vs clearing r? flag
    • Delayed until Tanvi and Sid come back.

Last week: https://wiki.mozilla.org/SecurityEngineering/MeetingNotes/08-22-13

Q3 Goals

  • [ON TRACK] Finish first phase of Sandboxing
    • Outcome: seccomp in e10s/Larch or on nightly + clear roadmap
    • DRI: Sid
    • Tasks:
      • Need to resolve reviewer situation
      • Discussion about Red Hat's concerns - do we need a 
      • Need to work on reviews and landing
      • Consult : E10S contributions to make it reasonably usable in nightly. (without extensions/plugins) assign: ALL as appropriate
      • Implement : [NEW] Fix window.crypto to work in E10S
      • Implement : [NEW] Fix CSP tests to work in E10S garrett + sid
      • Implement : [AT RISK] land seccomp for Linux (min bar for sandboxing) keeler - part of an old patch for bug 790923
      • Research : [NEW] Prioritize seccomp tightening steps, begin executing it sid
      • Research : [NEW] Create story/plan for addon compatibility monica
  • [ON TRACK] Cookie Clearinghouse
  • [AT RISK] Implement alternative revocation checking mechanisms
    • Outcome: must-staple + pinning + insanity on by default in nightly
    • DRI: Camilo
    • Tasks:
      • Implement : [AT RISK] Enable insanity::pkix validation by default on nightly
      • Implement : [NEW] Land key pinning
      • Implement : [NEW] Land must-staple support
  • [ON TRACK] SafeBrowsing 2.0
    • Outcome: App reputation whitelist on by default in nightly
    • DRI: Monica
    • Tasks:
      • Implement : [NEW] Land app reputation system with whitelist support