SecurityEngineering/MeetingNotes/12-05-12
From MozillaWiki
Contents
Standing Agenda
- Q4 Goals Recap
- Review currently active (P1) features against their established milestones, identify any blockers - Security/Roadmap + Privacy/Roadmap
- Review roadmap priorities to ensure they accurately reflect active projects and Mozilla's priorities
- Suggest additions or changes to roadmaps
- Detailed discussion of features or outstanding issues as time permits
- Additional Items
- Upcoming events, OOO/travel, etc.
Last week: https://wiki.mozilla.org/SecurityEngineering/MeetingNotes/11-29-12
Q4 Goals
- [ON TRACK] Land CSP 1.0
- [ON TRACK] Deliver integrated Payments and ID for B2G
- [DONE] Host security community event (public brownbag on 11/13)
HSTS Pref
- for discussion : should we have a pref to disable HSTS ?
- https://bugzilla.mozilla.org/show_bug.cgi?id=800882
- a strong argument is made by multiple people for 'no' - users won't understand what they're opting in to and we are concerned that websites etc will publicize it without adequately explaining the consequences
Safari-like cookie blocking
- See Bug 818340 https://bugzilla.mozilla.org/show_bug.cgi?id=818340
- metabug for tracking protection: https://bugzilla.mozilla.org/show_bug.cgi?id=tracking-protection
- Do users want and understand Safari-like cookie blocking? maybe/no
- There are some ideas here - https://wiki.mozilla.org/Privacy/Features/Per-Site_Third-Party_Cookie_Setting/Brainstorm_UX
2013 security and privacy UX projects
https://firefox-ux.etherpad.mozilla.org/SPF-2013-Planning
Other
- firefox eng meeting - 10 am tuesday - Tanvi just next week
- platform meeting 11 am tuesday - Ian will attend
- Larissa's brownbag was happening -12 PST 12/13 (Thursday) at 10Fwd: Designing Meaningful Security & Privacy (in a world where no one cares?) YAY!!!
- but has now been rescheduled