Closed
Bug 663895
Opened 13 years ago
Closed 11 years ago
Archive out of date pages and migrate developer docs in mozilla.org/projects/security
Categories
(NSS :: Documentation, defect)
Tracking
(Not tracked)
RESOLVED DUPLICATE of bug 818313
People
(Reporter: davidwboswell, Unassigned)
Out of date pages in mozilla.org/projects/security should be archived so that people don't come across these and think the information is current. Archived content will still be available on the archive site where there is a note on pages that the content is being made for historical reasons only. See:

http://www-archive.mozilla.org/projects/security/

There are certainly pages still being actively maintained in this section, but it also looks like there are pages that haven't been touched in a long time. For instance, the Component Security main page hasn't had a non-formatting edit since 2006.

http://www.mozilla.org/projects/security/components/index.html

Any old developer documents in this section should also be migrated over to the appropriate places on MDN so that it is easier to maintain the documents and so it will be easier to find these documents when people search for security related information.

To browse what files are in this section of the site, you can look through the SVN repository at:

http://viewvc.svn.mozilla.org/vc/projects/mozilla.org/trunk/projects/security/

If someone who is familiar with this content could propose a list of pages to archive or migrate, that would be very helpful. The removal of out of date pages is a requirement for the upcoming merge of mozilla.org and mozilla.com so ideally we'll be able to review the content in here within the next few weeks.

Reporter
Updated•13 years ago
Assignee: nobody → nobody
Component: www.mozilla.org → Documentation
Product: Websites → NSS
QA Contact: www-mozilla-org → documentation
Reporter
Comment 1•13 years ago
In a different bug, Nelson mentioned that the NSS product and Documentation component is the right place to discuss issues with the www.mozilla.org/projects/security pages. Could someone please review the content currently on www.mozilla.org and recommend what can be archived, what can be migrated to MDN or the wiki and what should remain on www.mozilla.org? Thanks.
Comment 2•13 years ago
Here’s the stuff that I know about…

-- Content that needs to stay in www.mozilla.org/projects/security/

certs/included
certs/pending
certs/policy
certs/certificate-list-html.xsl
certs/certificate-list.css
certs/index.html
security-bugs-policy.html

-- Content that can be archived

certs/certfiles
certs/ev
certs/removal-policy (this is in the main policy now)
certs/cacertlist.csv

Thanks,
Kathleen
Comment 3•13 years ago
Here’s my opinion on other files (though I don’t maintain them).

-- Content that needs to stay in www.mozilla.org/projects/security/

known-vulnerabilities.html
older-vulnerabilities.html
membership-policy.html
secgrouplist.html
tld-idn-policy-list.html

-- Content that can be archived

phishing-test-results.html
Comment 4•13 years ago
The following have disappeared:

http://www.mozilla.org/projects/security/certs/pending
http://www.mozilla.org/projects/security/certs/included

Can you add them back quickly?
Comment 5•13 years ago
Is it perhaps because the index files are xml?
Reporter
Comment 6•13 years ago
Kathleen, this is likely to be an issue with the mozilla.com/.org merge that just went live. I'm copying James Long on this who can figure out what's going on with serving those .xml files. Note that if this is from the merge, we should open a separate bug since it's not related to archiving out of date pages.
Comment 7•13 years ago
Bug 681902 filed.

Gerv
Reporter
Comment 8•13 years ago
(In reply to Kathleen Wilson from comment #3)
> Here’s my opinion on other files (though I don’t maintain them).
>
> -- Content that needs to stay in www.mozilla.org/projects/security/
>
> known-vulnerabilities.html

For this page, it looks like an out of date version of:

http://www.mozilla.org/security/known-vulnerabilities.html

We should remove the one from /projects/security I imagine and redirect.
Reporter
Comment 9•13 years ago
Based on earlier comments the following have just been archived in r94942 and r94943.

/projects/security/phishing-test-results.html
/projects/security/certs/certfiles
/projects/security/certs/ev
/projects/security/certs/removal-policy
/projects/security/certs/cacertlist.csv
Reporter
Comment 10•13 years ago
The files in comment #9 are almost all from the certs directory, but I'm still seeing lots of old files in other parts of the /projects/security section that could be archived such as Netscape PKCS #11 Test Suites.

http://www.mozilla.org/projects/security/pki/pkcs11/netscape/index.html

Can someone else take a pass through the rest of the files? Are there specific people to ping about reviewing the /components and /pki directory?
Comment 12•12 years ago
From bug 801686 comment 0:
> A good chunk of the files under http://www.mozilla.org/projects/security/ have not
> been updated in at least 3 years. Many of them are out-of-date and have likely been
> superseded by better and more easily editable documents.
>
> These documents can probably be archived:
>
> http://www.mozilla.org/projects/security/known-vulnerabilities.html
> http://www.mozilla.org/projects/security/membership-policy.html
> http://www.mozilla.org/projects/security/older-vulnerabilities.html
> http://www.mozilla.org/projects/security/security-bugs-policy.html
> http://www.mozilla.org/projects/security/utf7xss.html
> http://www.mozilla.org/projects/security/components/
>
> The following appear to still be in active maintenance:
>
> http://www.mozilla.org/projects/security/index.html
> http://www.mozilla.org/projects/security/secgrouplist.html
> http://www.mozilla.org/projects/security/tld-idn-policy-list.html
> http://www.mozilla.org/projects/security/certs/
> http://www.mozilla.org/projects/security/pki/

P.S. I wonder if this bug shouldn't be in a www.mozilla.org component?
Comment 13•12 years ago
(In reply to Gordon P. Hemsley [:gphemsley] from comment #12)
> From bug 801686 comment 0:
>> A good chunk of the files under http://www.mozilla.org/projects/security/
>> have not been updated in at least 3 years. Many of them are out-of-date
>> and have likely been superseded by better and more easily editable documents.
>>
>> These documents can probably be archived:

Please do NOT archive the following pages. Even though they have not been modified in a long time, they are still valid and in use.

http://www.mozilla.org/projects/security/membership-policy.html
http://www.mozilla.org/projects/security/security-bugs-policy.html
http://www.mozilla.org/projects/security/components/

The following documents do look to be very out-of-date. Dan, do you agree that these can be archived?

>> http://www.mozilla.org/projects/security/known-vulnerabilities.html
>> http://www.mozilla.org/projects/security/older-vulnerabilities.html
>> http://www.mozilla.org/projects/security/utf7xss.html

The known-vulnerabilities page is linked to from
http://www.mozilla.org/projects/security/index.html
So this index page should be updated to either remove the link or fix it to point to wherever the current known-vulnerabilities page is. Dan?
Comment 14•12 years ago
(In reply to Kathleen Wilson from comment #13)
> Please do NOT archive the following pages. Even though they have not been
> modified in a long time, they are still valid and in use.
>
> [...]
> http://www.mozilla.org/projects/security/components/

bz indicated in bug 427347 comment 8 that the following could be archived:

http://www.mozilla.org/projects/security/components/per-file.html

There was also talk in bug 292630 (albeit not by security folks) that the following could likely be archived:

http://www.mozilla.org/projects/security/components/jssec.html
http://www.mozilla.org/projects/security/components/signed-scripts.html

Keep in mind, too, that archiving (1) does not remove the content, only moves it out of active service, and, more importantly, (2) does not preclude the movement of contents onto MDN, where it can be actively maintained.

It has been established in the aforementioned bugs (and possibly elsewhere) that the contents of at least the components pages mentioned above are out of date. Why not move them all to MDN, where they can be more easily updated?

I think the components pages should be audited for continued relevance in general, as well.
Comment 15•12 years ago
"X.509 v3 Certificate Store" should be moved under "Open Source PKI Projects" because the certificate store is maintained as part of NSS and PSM.

I find the distinction between http://mozilla.org/projects/security/ and http://mozilla.org/security/ confusing.

Also, IMO, http://mozilla.org/projects/security/ should be refactored/expanded so that it is the place to go for *current* security projects like CSP, HSTS and similar things, the web app security model, etc. It needs a lot of work.

RE: http://www-archive.mozilla.org/projects/security/components/:

* Signed Script Policy
* Configurable Security Policies (CAPS)
* Signed Scripts & Privileges: An Example
* Using a Master Certificate for Remote Trust Grants
* Configuring Per-File Privileges

See bug 787269, bug 750859, and bug 790023. A lot of this functionality has been removed.

* Mozilla.org Policy on Handling Security Bugs
* Current Members of the Mozilla security group
* Known Vulnerabilities in Mozilla

Should be removed and we should make sure mozilla.org/security is up-to-date.

* Slides from 'Intro to Mozilla Security' talk, 3/4/02 (XML)'

Remove.
Comment 16•12 years ago
In fact, AFAICT, "Component Security" is best off just being torched. Whatever information is there is best put somewhere else. E.g. same-origin policy should be described well enough on MDN, "People" should be at mozilla.org/security, and the wishlist can be removed and replaced once we know what we want to say.
Comment 17•12 years ago
(In reply to Brian Smith (:bsmith) from comment #16)
> In fact, AFAICT, "Component Security" is best off just being torched.
> Whatever information is there is best put somewhere else. E.g. same-origin
> policy should be described well enough on MDN, "People" should be at
> mozilla.org/security, and the wishlist can be removed and replaced once we
> know what we want to say.

Who can make that happen?
Comment 18•12 years ago
(In reply to Brian Smith (:bsmith) from comment #15)
> I find the distinction between http://mozilla.org/projects/security/ and
> http://mozilla.org/security/ confusing.

I do too. How is it determined if something should go in mozilla.org/security versus mozilla.org/projects/security?

I just noticed that

http://www.mozilla.org/projects/security/known-vulnerabilities.html
http://www.mozilla.org/projects/security/older-vulnerabilities.html

appear to have been replaced by

http://www.mozilla.org/security/known-vulnerabilities/index.html
http://www.mozilla.org/security/known-vulnerabilities/older-vulnerabilities.html

So should the old (projects/security) pages be changed to re-directs to the new pages?
Updated•11 years ago
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE