I don't believe the code is ready entirely for "review", but the process is (e.g., the Sync document) and we should establish the criteria for further steps.
We're in contact with Raymond Forbes about this.
Whats the status of this?
What kind of security review are you all looking for?
Not my bug, I am just trying to understand the status. ianb can probably explain.
I'm afraid we haven't really progressed past the "hi, let's talk security review" phase. We have I guess three major pieces that should be reviewed, though on exactly what schedule I'm not sure. There is the specification itself, and then the client and server (and I guess also the Soup client, which is a different implementation). We are also trying to use Sauropod, but I would consider that a separate review process. There's also a general question about what aspects of applications can be sync'd and to what effect, especially if installed application carry around permissions. But so far we don't have any concrete examples of that. But it's something that could emerge as a security question if we extend applications, even if sync doesn't change in the process.
We should put this review on hold, pending design changes.
A Pivotal Tracker story has been created for this Bug: https://www.pivotaltracker.com/story/show/24808869
Whiteboard: devPreviewNonBlocker → devPreviewNonBlocker [nonmwcblocker]
The old app sync codebase is no longer going to be supported. Apps in the cloud will be under a different codebase. None of these bugs are valid anymore.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.