Security/B2G/Contribute: Difference between revisions

← Older edit

Security/B2G/Contribute (view source)

Revision as of 19:48, 9 December 2014

1,424 bytes added , 9 December 2014

m

adding some resources

Arroway

Confirmed users

152

edits

@@ Line 1: / Line 1: @@
 = How to contribute to Firefox OS Security =
-If you are willing to help making Firefox OS safer for users, there are are several ways to contribute:
+If you are willing to help making Firefox OS safer for users, there are several ways to contribute:
 == Implementing OS features ==
@@ Line 10: / Line 10: @@
 (This list is to be validated and improved by adding a first good bugs section)
-'''Security sandbox'''
+=====Improved privacy=====
-* https://wiki.mozilla.org/Security/Sandbox
+<bugzilla>{
-* {{bug|930258}}
+"status": ["NEW", "UNCONFIRMED", "ASSIGNED", "REOPENED"],
+"id": ["1033580", "1081731", "1085240"],
-'''Improved privacy'''
+"include_fields": "id, summary, status, assigned_to"
-* Private browsing mode
+}</bugzilla>
 * Encrypted messaging
-* OpenVPN support (currently being worked on, see {{bug|1033580}})
+* UI for controlling VPN settings (VPN)
-** UI for controlling VPN settings (VPN)
+* VPN configuration importing
-** VPN configuration importing
-'''Browser security features'''
+=====Browser security features=====
-* Improved SSL Support in FxOS
+<bugzilla>{
-** SSL Certificate Information UI
+"status": ["NEW", "UNCONFIRMED", "ASSIGNED", "REOPENED"],
-** Provide certificate exception management
+"id": ["769183", "919807", "1055426"],
-** Add SSL Certificate to cert.db {{bug|769183}}
+"include_fields": "id, summary, status, assigned_to"
+}</bugzilla>
-'''Plateform Security features'''
+=====Platform Security features=====
-* Improved process model (don’t run b2g as root) ({{bug|845191}})
+<bugzilla>{
-* Stronger passcode support {{bug|877541}}
+"status": ["NEW", "UNCONFIRMED", "ASSIGNED", "REOPENED"],
-* Device certificate management  {{bug|769183}}
+"id": ["845191", "877541", "769183", "909498", "947897", "773117", "777948", "930258"],
-* Proxy support in Firefox OS UI {{bug|909498}}
+"include_fields": "id, summary, status, assigned_to"
-* Proxy support in App Manager {{bug|947897}}
+}</bugzilla>
-* Block-listing mechanism for apps {{bug|773117}}
+* [https://wiki.mozilla.org/Security/Sandbox Documentation about sandboxing]
-'''Improved permission management'''
+=====Improved permission management=====
+<bugzilla>{
+"status": ["NEW", "UNCONFIRMED", "ASSIGNED", "REOPENED"],
+"id": ["961350", "910222", "943818", "967845", "970599", "1040348", "1055469", "940389"],
+"include_fields": "id, summary, status, assigned_to"
+}</bugzilla>
 * Global permission control for all apps and services
 * Per permission view for permissions (e.g. which apps have access to my contacts)
@@ Line 41: / Line 46: @@
 === Good practices for contributing ===
-For your contribution work to be successful, it is essential you follows some good practices:
+For your contribution work to be successful, it is essential you follow some good practices:
 '''Get in touch with us early'''
-Let us know you're starting to work on a feature. Depending on its size, implementing a security feature usually involve important designing decisions which has to be worked on with several teams: platform, Gaia, UX, security. It is also the perfect way to know if other people are working on similar or related features.
+Let us know you're starting to work on a feature. Depending on its size, implementing a security feature usually involves important designing decisions which have to be worked on with several teams: platform, Gaia, UX, security. It is also the perfect way to know if other people are working on similar or related features.
 You can start by contacting us, we will help you get in touch with the right people:
 * IRC channel #FxOSSec on irc.mozilla.org
@@ Line 65: / Line 70: @@
 You can help improving the Firefox OS apps ecosystem by writing or porting security-related apps on Firefox OS.
 This [https://herdir.nohost.me/pad/p/appsreview etherpad] tracks the apps known to be currently available on the Marketplace.
+TO BE ADDED: list of apps to be ported on Firefox OS
 == Doing security reviews ==
@@ Line 81: / Line 89: @@
 * [https://wiki.mozilla.org/Marketplace/Reviewers/Apps/Guide/SecReviewTraining Security review training for app reviewer]
 * [https://developer.mozilla.org/en-US/Apps/Security_guidelines Security guidelines for app developers and reviewer]
+To review an app installed from the Marketplace when you don't have direct access to the source code repository, you can use the DevTools in Firefox (depending on the version, [https://developer.mozilla.org/en-US/docs/Tools/WebIDE WebIDE] or the [https://developer.mozilla.org/en-US/Firefox_OS/Using_the_App_Manager App Manager]):
+* install the app (on the [https://developer.mozilla.org/en-US/docs/Tools/Firefox_OS_Simulator simulator] or on a real device)
+* then use the DevTools to debug it and have access to the source code
 === How to report a security issue: ===
@@ Line 96: / Line 108: @@
 For more information about how to provide translation for MDN pages, you can consult [https://developer.mozilla.org/en-US/docs/MDN/Contribute/Localize/Translating_pages these guidelines].
+== Learning resources ==
+=== JavaScript ===
+* Learning by reading:
+** [https://github.com/getify/You-Dont-Know-JS#titles You don't know JS]
+** [https://developer.mozilla.org/en-US/docs/Web/JavaScript JavaScript documentation and guides on MDN]
+* Learning by doing:
+** [https://www.codeschool.com/courses/javascript-road-trip-part-1 JavaScript Road Trip pt 1 on Code School]
+** [http://ejohn.org/apps/learn/ Learning Advanced JavaScript]
+** [https://webmaker.org/en-US/resources/literacy/weblit-CodingScripting WebMaker resources on JavaScript]
+** [http://nodeschool.io/ nodeschool.io]