Closed
Bug 592716
Opened 15 years ago
Closed 15 years ago
Security review for FlightDeck
Categories
(Mozilla Labs Graveyard :: FlightDeck, defect)
Mozilla Labs Graveyard
FlightDeck
Tracking
(Not tracked)
RESOLVED
FIXED
0.6
People
(Reporter: clouserw, Assigned: mcoates)
References
()
Details
Flightdeck wants to land on Mozilla's production infrastructure and needs to have a security review before it goes live. As far as I know there hasn't been any up to this point so it's all fair game.
Documentation: https://wiki.mozilla.org/Labs/Jetpack/FlightDeck
Code: http://github.com/zalun/FlightDeck
Site: https://builder.mozillalabs.com/
Notes:
- There is a good possibility this will land on a URL like builder.addons.mozilla.org, so same domain concerns are legitimate.
- Piotr (CC'd) can answer technical questions and highlight points of concern
Timeline: It'd be nice to be well into this within the next couple weeks.
|
||
Comment 1•15 years ago
|
||
official repo is here: http://github.com/mozilla/FlightDeck
|
|
Assignee | |
Comment 2•15 years ago
|
||
I'll see what we can do for scheduling. We're pretty slammed at the moment. When is this going to be pushed live?
To clarify scope:
This review will focus on web based vulnerabilities within the app but will not include any testing of the actual created add-ons.
|
Reporter | |
Comment 3•15 years ago
|
||
(In reply to comment #2)
> I'll see what we can do for scheduling. We're pretty slammed at the moment.
> When is this going to be pushed live?
This is Mozilla - we want to push it tomorrow! ;) We'd like to have it live by the end of the month, but that's dependent on any bugs that are found or changes that need to be made for IT.
> To clarify scope:
> This review will focus on web based vulnerabilities within the app but will not
> include any testing of the actual created add-ons.
Yes, thanks.
|
||
Comment 4•15 years ago
|
||
David: Michael started this review last week, but it sounds like he isn't going to be able to continue working on it until Q4. Is this something you could take on over the next week or so to help in our drive to get this application onto production infrastructure by the end of Q3?
|
|
Assignee | |
Comment 5•15 years ago
|
||
From email chain:
Wil,
Let me know when all the code is updated to the next version. I may be
able to find a few evening hours to take another brief look. However, I
won't be able to give the site the review it deserves until Q4.
-Michael
|
|
Assignee | |
Comment 6•15 years ago
|
||
The flighdeck review is complete. All identified security bugs are listed as blockers of this bug.
Please let me know if you have any questions or comments. This bug will be marked as resolved once the blocking bugs are resolved and verified.
|
|
Reporter | |
Updated•15 years ago
|
Target Milestone: -- → 1.0
|
|
Reporter | |
Updated•15 years ago
|
Target Milestone: 1.0 → 0.6
|
|
Reporter | |
Comment 7•15 years ago
|
||
thanks
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•