Confirmed users
746
edits
Add-ons/Projects: Difference between revisions
Jump to navigation
Jump to search
Added Security and Mission-critical for AMO
(add h2s, begin adding AMO categories & content) |
(Added Security and Mission-critical for AMO) |
||
| Line 38: | Line 38: | ||
; Telemetry improvements | ; Telemetry improvements | ||
: Telemetry of the add-ons manager (about:addons) and performance of addons is currently incomplete. [targeting 62] | : Telemetry of the add-ons manager (about:addons) and performance of addons is currently incomplete. [targeting 62] | ||
=== Security === | |||
; Privacy Manifest Flags | |||
: We want to add support a number of privacy flags that developers can use to report the add-on's privacy practices to users. This would be set using the "privacy" key in the manifest, and would be displayed by the Add-on Manager. [targeting TBD, follows AMO] | |||
=== Performance improvements === | === Performance improvements === | ||
| Line 88: | Line 92: | ||
; Dynamic Theme Classification | ; Dynamic Theme Classification | ||
: We need to make a distinction between two types of themes: static and dynamic. All themes should be shown under 'themes' on AMO, but we need to determine how a developer specifies that, submits it, and what precautions or limitations we should put in place to protect users as much as is reasonable and prudent. | : We need to make a distinction between two types of themes: static and dynamic. All themes should be shown under 'themes' on AMO, but we need to determine how a developer specifies that, submits it, and what precautions or limitations we should put in place to protect users as much as is reasonable and prudent. | ||
=== Mission-critical technical needs === | |||
; AMO Salesforce integration | |||
: Legal requires integration basket API (for Salesforce) for about:addons newsletter signups. [targeting 2018.05.24] | |||
<strike>; Serve JSON update manifests | |||
: In order to remove RDF support, updates must stop using RDF and start using JSON. JSON has been supported since 45, and RDF and JSON support complicates tests that need to be rewritten in order to remove support for legacy (non-restartless) add-ons. [targeting 2018.05.24]</strike> | |||
; Hybrid Content Telemetry on the discovery pane | |||
: Legal requires that we remove uses of GA from Firefox, and while this is technically hosted on AMO, it is effectively in Firefox. [targeting 2018.06.28] | |||
; Data sync from PROD to DEV and STAGE | |||
: Out of date data continues to be a problem for testing on dev and stage in AMO, and a periodic, automated, safe, and selective sync will solve this. | |||
; Code review | |||
: Reviewers and staff need to be able to inspect any code submitted to AMO in order to respond to user or security complaints. The code and diff viewer for code review are based on libraries that aren't being actively maintained, and regularly require code changes in order to work. | |||
; Antispam - Akismet | |||
: There's a increasing amount of spam that is being manually removed from AMO. To combat this we can use Akismet's spam API to give an indication of whether any piece of UGC is spam or not; implementing this means we need to send all UGC to akismet. | |||
=== Security === | |||
; Two-factor auth for add-on devs | |||
: Bringing MFA to AMO to add more security around developer accounts that publish add-ons in order to prevent malicious content from being pushed to user browsers. | |||
; Privacy Manifest Flags | |||
: We want to add support a number of privacy flags that developers can use to report the add-on's privacy practices to users. This would be set using the "privacy" key in the manifest, and would be displayed on AMO. | |||