canmove, Confirmed users
285
edits
SecurityEngineering/MeetingNotes/07-11-13: Difference between revisions
Jump to navigation
Jump to search
SecurityEngineering/MeetingNotes/07-11-13 (view source)
Revision as of 22:14, 18 July 2013
, 18 July 2013→Q2 Goals Postmortem
| Line 19: | Line 19: | ||
= Q2 Goals Postmortem= | = Q2 Goals Postmortem= | ||
* [MISS] land the application reputation scanning tool bug 662819 (mmc) | * [MISS] land the application reputation scanning tool bug 662819 (mmc) | ||
** issues with Download Manager | |||
** need more people from our team working on it | |||
* [DONE] Turn Mixed Content Blocking on in Aurora (tanvi) | * [DONE] Turn Mixed Content Blocking on in Aurora (tanvi) | ||
** evangelizing internally key (still faced a lot of backlash from release) | |||
** QA (thanks Matt!) [LIKE] | |||
** working with Chrome security team (we should continue to do this) | |||
** at one point we were going to land in 21, ended up in 23. This caused communication issues (telemetry) between the different release managers for the different releases. | |||
** Future goals could already be there - couldn't, too busy working more like a Project Manager. This will happen more as we take on more ambitious projects. | |||
** https://bugzilla.mozilla.org/show_bug.cgi?id=843977 | |||
** https://bugzilla.mozilla.org/show_bug.cgi?id=844556 | |||
** https://bugzilla.mozilla.org/show_bug.cgi?id=843977 | |||
** Telemetry : https://bugzilla.mozilla.org/show_bug.cgi?id=781018 | |||
* [MISS] land classic cert validation replacement, off by default (bsmith) builds on all platforms, same revovation as classic, pending tests for edge case certtificates (certificate usages & chain building). | * [MISS] land classic cert validation replacement, off by default (bsmith) builds on all platforms, same revovation as classic, pending tests for edge case certtificates (certificate usages & chain building). | ||
** big problem came down to reviews. | |||
*** cviecco trusted bsmith not to make horrible mistakes, which in itself was a mistake. | |||
*** not enough communication (mostly bsmith's fault). | |||
** "real goal" is turning everything on this quarter, and that's looking good. | |||
** "meeting the (artificial) goal" could have been done if had focused more on that, rather than the important work that underpins other stuff. Maybe this was not a good goal in the first place. | |||
** https://bugzilla.mozilla.org/show_bug.cgi?id=878932 | |||
* [DONE] land OCSP stapling support and tests (keeler) | |||
** Non-controversial, not user facing. Buy-in from outside the team. | |||
** Slow review cycles :( | |||
** https://bugzilla.mozilla.org/show_bug.cgi?id=700693 | |||
* | * [DONE] Revamp the MDN documentation of CSP and Mixed Content Blocker (imelven + tanvi) | ||
** Documentation people were supportive and did a lot of work | |||
** As long as you stay on top and contact them early, it's easily managable in a quarter | |||
* | * [DROP] Develop & socialize plan (document containing steps, timeline, implementation & test plan) for getting sandboxing onto a desktop Firefox, probably Linux (imelven) | ||
** Guillame's patch | |||
** A lot of support for sandboxing from inside the organization | |||
** Problem: no unified plan. Instead, a series of plans that were shot down/debated. Really hard to reach consensus on a first pass. | |||
* https://wiki.mozilla.org/Electrolysis/Roadmap | ** https://wiki.mozilla.org/Electrolysis/Roadmap | ||
** https://bugzilla.mozilla.org/show_bug.cgi?id=790923 | |||
* | * [MISS] Deploy pilot cookie study and publish results. (ddahl) | ||
** Pretty much done... but never got the data. "Strange" communication problem with the metrics team. ddahl blames himself. Everything else is ready for when the data finally appears. | |||
| Line 68: | Line 62: | ||
* Reviews | * Reviews | ||
Q3 - for our Q3 goals we tried to figure out what other teams need to be involved. We can update the team dependencies on our Q3 goals next week. | * Q3 - for our Q3 goals we tried to figure out what other teams need to be involved. We can update the team dependencies on our Q3 goals next week. | ||