Confirmed users
613
edits
AMO/SigningService/Meetings: Difference between revisions
Jump to navigation
Jump to search
added meeting minutes from May/April
m (formatting) |
(added meeting minutes from May/April) |
||
| Line 44: | Line 44: | ||
- 41 issues: Kim will be working on it early next week | - 41 issues: Kim will be working on it early next week | ||
== May 29 == | == May 29 2015 == | ||
WorkLife summary for meeting "Add-On Signing Weekly Check In" | WorkLife summary for meeting "Add-On Signing Weekly Check In" | ||
| Line 180: | Line 180: | ||
- Monday (or Tuesday) 25th sign AMO add-ons (Larissa to confirm with RelMan that this is ok) | - Monday (or Tuesday) 25th sign AMO add-ons (Larissa to confirm with RelMan that this is ok) | ||
- June 1 "soft launch" for opening the review queue for non-AMO addons to be signed. (Dependent on automated validation being online and tested, and the revised developer agreement being approved and live) | - June 1 "soft launch" for opening the review queue for non-AMO addons to be signed. (Dependent on automated validation being online and tested, and the revised developer agreement being approved and live) | ||
== May 8, 2015 == | |||
WorkLife summary for meeting "Add-On Signing Weekly Check In" | |||
View Full Details: https://app.worklife.com/meetings/554ccc9f2da367f4b4123364 | |||
Time: May 8, 2015 9:30 AM - 10:00 AM | |||
Larissa Shapiro's vidyo + MTV2 - 217 Star Trek, SFO7 - 740 7H Hotel Utah, TOR5 | |||
Attendees: Amy Tsay, Chris AtLee, Daniel Veditz, Dave Townsend, Jorge Villalobos, Kev Needham, Kim Moir, Kris Maglione, Krupa Raj, Larissa Shapiro, Lisa Brewster, Marc Schifer, Markus Jaritz, Mathieu Agopian, Mike Connor, Philipp Sackl, Rob Hudson, Ryan Tilder, Wil Clouser, Winston Bowden | |||
Agenda | |||
- Review of status for 40: any open issues, any surprises PLEASE speak now | |||
- Plans for 41 | |||
• release engineering issues | |||
• I'm concerned about doing bulk of our testing on builds that allow installation of unsigned addons - those aren't what we're shipping to most people. I'd like to re-visit signing the addons we use for testing. | |||
• separate build for testing | |||
• Developer Comms plans | |||
• what is already planned and where is it documented? WIP: https://docs.google.com/document/d/19Mf97JPXmU5PSMiw8or5Tbbd-m2fFL5MpabW61cKgoc/edit | |||
- Any other business | |||
Decisions | |||
- We are holding on signing more AMO addons till at least the 18th to not conflict with the 38 release. | |||
- We can use the same cert for experiemnts as for add-ons. | |||
Action Items | |||
- Larissa set up dev comms plan meeting for next week | |||
- kev: talk to benjamin about signing experiments. | |||
- Kris (?) determine how many add-ons have XP com binary components (AMO only?) | |||
- LS to set up mtg next week kev, dveditz, mconnor, larissa, catlee on releng issues and possibly turning on the alternate root | |||
- LS set up a meeting including Kev, Jorge, Amy, MConnor/Joanne, need to make sure it addresses the XP com issues for the AV companies in particular. | |||
Open Issues | |||
- hotfix patch needs review by dveditz but he is on PTO. Options: 1. he could do it over the weekend? 2. Someone else could do it and then dveditz could review after the fact. Dan will review tonight | |||
- final icons for the UI changes are not back from shorlander yet. | |||
- Who is going to own the signing certificate and sign when needed? Will says we can do it on the AMO signing servers. Needs confirmation that this will work. | |||
Notes | |||
- plan for hotfixes - new signing cert from the AMO root - will sign with those. Once we turn on requiring signing from AMO, it will only accept the new hotfix cert. If we sign for old versions, we may end up needing to produce two XPIs. | |||
- Update service on AMO can distinguish firefox versions so if we mark things correctly on the hotfixes that should work. We'll need to update the release process accordingly. | |||
- Experiments need to be signed but are not distributed by AMO, should we put a separate cert in the same place, or could we use the same cert? | |||
- We are holding on signing more AMO addons till at least the 18th to not conflict with the 38 release. | |||
- Benjamin's post about XP com components - are we doing this for 40? its a tight change. Is it Binary components only? (yes) in 40 we're not enforcing signing. Are people going to conflate the two issues? Understanding how many add-ons are impacted would be good. This should be in the comms plan. Intent is for XP com to be disabled for everyone but Mozilla. | |||
- Release engineering issues: plan was a parallel set of builds for 41, but this would mess up automation of release for builds we are shipping to users. Is the general consensus that rewriting the test suite for add-ons that arent getting signed on the fly is not feasible? Discussion needed. Right now we have a test root defined that is not enabled for final builds. We could enable it for final builds and sign things. | |||
- Comms Plan: this is a skeleton of the message and the audiences. Will set up a meeting including Kev, Jorge, Amy, MConnor/Joanne, need to make sure it addresses the XP com issues for the AV companies in particular. | |||
== April 17, 2015 == | |||
WorkLife summary for meeting "Add-On Signing Weekly Check In" | |||
View Full Details: https://app.worklife.com/meetings/55311eda86c026b9ec595e87 | |||
Time: Apr 17, 2015 9:30 AM - 10:00 AM | |||
Larissa Shapiro's vidyo + MTV2 - 217 Star Trek, SFO7 - 740 7H Hotel Utah, TOR5 | |||
Attendees: Chris AtLee, Dave Townsend, Jorge Villalobos, Kev Needham, Kris Maglione, Krupa Raj, Larissa Shapiro, Lisa Brewster, Marc Schifer, Markus Jaritz, Mathieu Agopian, Mike Connor, Philipp Sackl, Rob Hudson, Ryan Tilder, Wil Clouser, dveditz | |||
Agenda | |||
- Tracking for Fx 40, review status worksheet: docs.google.com/spreadsheets/d/19uZqwiQbiZr6fnU6dLhvuj5cafjQ21a6if2W3h4S4JQ/edit#gid=0 | |||
- Blog post up? Next steps in DevRel? | |||
- Review open decisions and actions from last week. | |||
- AOB | |||
- Review testplans for Desktop client which were sent out | |||
Decisions | |||
- UX will move forward with decisions in bugs today and copy review Monday | |||
- RelEng can move forward for 40 with the override pref turned on | |||
- We are close to comfortable with go for 40 pending UX decisions, a marketing rep/comms plan | |||
- We need a go/no go plan and and sufficient releng resources to be go for 41. | |||
Action Items | |||
- From last week: Larissa to make sure decision happens for bugzilla.mozilla.org/show_bug.cgi?id=1151537Wil to coordinate signing existing AMO add-ons ahead of having submission UI ready | |||
- Kev to write up notes on go/no-go criteria | |||
- Wil Clouser - Hotfix addon bug will be fired for Thunderbird, duplicating that which exists for Firefox. (done?) | |||
- Need overview of signing process for all addons. What gets signed first, [lan for remainder. (Wil) | |||
- Need policy for signing experiments. Extensions only currently, and themes are excluded from checking and verification. | |||
- (product) Need decision on term we use for what a signed addon is (vs. | |||
certified). Need product and copy involved to take discussion. | |||
- Text and location for information page needs to be finalized for initial warning that links to unsigned addons. | |||
- (justin) Need reactive answer for why addon signing will not be enabled on Android for PR. | |||
- Larissa to speak to Eric about marketing/comms rep on team | |||
Open Issues | |||
- Need additional tests for what happens when the pref is on | |||
- devs are asking if there can be a bug for an upload API - not blocking but something we need to get onto a roadmap | |||
Notes | |||
- Blog post went up on Wednesday, yay! Reaction: not much volume, challenge to claim that there's nowhere on the machine that we can save signing info that malware can't get at. Mac has per app storage that can't be seen from other apps. Don't want to build custom solution for Mac because we're not that worried about Mac only malware. | |||