Standing Agenda

• Q3 Goals Recap ( https://wiki.mozilla.org/SecurityEngineering/2013/Q3Goals#Q3_Goals )
• Review roadmap priorities to ensure they accurately reflect active projects and Mozilla's priorities
• Suggest additions or changes to roadmaps
• Detailed discussion of features or outstanding issues as time permits
• Additional Items
• Upcoming events, OOO/travel, etc.
• Third Party Cookie Blocking Questions from Andreas

  -How effective is cookie blocking? mmc: pre hashed and not be the perfect be the enemy of the good.

• Click-to-play Java by default question by Brendan: https://twitter.com/BrendanEich/status/372518877378252800
  • https://bugzilla.mozilla.org/show_bug.cgi?id=899080 (make plugins default to click-to-play)
  • Pllase add feedback on maillist thread
• Tanvi's point about politically contentous stuff being a timesink
  • Do we need a project manager?
  • Are there other ways we can maximize productivity and minimize PR-ish and project management type things?
  • Figure out a way for us to do more technical work and less people oriented tasks.
• Productivity tips:
  • ./mach bootstrap (don't run crappy version of hg (and python and all its deps))
  • ./mach mercurial-setup (<3 mqext)
• r- vs clearing r? flag
  • Delayed until Tanvi and Sid come back.

Last week: https://wiki.mozilla.org/SecurityEngineering/MeetingNotes/08-22-13

Q3 Goals

• [ON TRACK] Finish first phase of Sandboxing
  • Outcome: seccomp in e10s/Larch or on nightly + clear roadmap
  • DRI: Sid
  • Tasks:

 * Need to resolve reviewer situation
 * Discussion about red hat's concerns - do we need a 
 * need to work on reviews and landing

• • • Consult : E10S contributions to make it reasonably usable in nightly. (without extensions/plugins) assign: ALL as appropriate
    • Implement : [NEW] Fix window.crypto to work in E10S}
    • Implement : [NEW] Fix CSP tests to work in E10S garrett + sid
    • Implement : [AT RISK] land seccomp for Linux (min bar for sandboxing) keeler - part of an old patch for bug 790923
    • Research : [NEW] Prioritize secomp tightening steps, begin executing it sid
    • Research : [NEW] Create story/plan for addon compatibility monica
• [ON TRACK] Cookie Clearinghouse
  • Outcome: Identify feasibility and nail down spec: https://github.com/CookieClearinghouse/protocol/wiki/Proposed-List-Formats
  • DRI: Monica
  • Tasks:
    • Implement : [NEW] spec out and make go/nogo decision on implementation
    • Consult : [NEW] drive Stanford effort to stable spec
• [AT RISK] Implement alternative revocation checking mechanisms
  • Outcome: must-staple + pinning + insanity on by default in nightly
  • DRI: Camilo
  • Tasks:
    • Implement : [AT RISK] Enable insanity::pkix validation by default on nightly
    • Implement : [NEW] Land key pinning
    • Implement : [NEW] Land must-staple support
• [ON TRACK] SafeBrowsing 2.0
  • Outcome: App reputation whitelist on by default in nightly
  • DRI: Monica
  • Tasks:
    • Implement : [NEW] Land app reputation system with whitelist support