Flightdeck wants to land on Mozilla's production infrastructure and needs to have a security review before it goes live. As far as I know there hasn't been any up to this point so it's all fair game. Documentation: https://wiki.mozilla.org/Labs/Jetpack/FlightDeck Code: http://github.com/zalun/FlightDeck Site: https://builder.mozillalabs.com/ Notes: - There is a good possibility this will land on a URL like builder.addons.mozilla.org, so same domain concerns are legitimate. - Piotr (CC'd) can answer technical questions and highlight points of concern Timeline: It'd be nice to be well into this within the next couple weeks.
official repo is here: http://github.com/mozilla/FlightDeck
I'll see what we can do for scheduling. We're pretty slammed at the moment. When is this going to be pushed live? To clarify scope: This review will focus on web based vulnerabilities within the app but will not include any testing of the actual created add-ons.
(In reply to comment #2) > I'll see what we can do for scheduling. We're pretty slammed at the moment. > When is this going to be pushed live? This is Mozilla - we want to push it tomorrow! ;) We'd like to have it live by the end of the month, but that's dependent on any bugs that are found or changes that need to be made for IT. > To clarify scope: > This review will focus on web based vulnerabilities within the app but will not > include any testing of the actual created add-ons. Yes, thanks.
Depends on: 593470
Depends on: 593487
Depends on: 593507
David: Michael started this review last week, but it sounds like he isn't going to be able to continue working on it until Q4. Is this something you could take on over the next week or so to help in our drive to get this application onto production infrastructure by the end of Q3?
From email chain: Wil, Let me know when all the code is updated to the next version. I may be able to find a few evening hours to take another brief look. However, I won't be able to give the site the review it deserves until Q4. -Michael
Depends on: 593508
Depends on: 598702
Depends on: 598709
Depends on: 598737
Depends on: 598758
Depends on: 599140
Depends on: 599150
Depends on: 599410
The flighdeck review is complete. All identified security bugs are listed as blockers of this bug. Please let me know if you have any questions or comments. This bug will be marked as resolved once the blocking bugs are resolved and verified.
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
Component: FlightDeck → FlightDeck
Product: Mozilla Labs → Mozilla Labs Graveyard
You need to log in before you can comment on or make changes to this bug.