Please provide a security review of the Get Involved metrics dashboard

VERIFIED FIXED

Status

VERIFIED FIXED
7 years ago
6 years ago

People

(Reporter: davidwboswell, Assigned: ygjb)

Tracking

Details

(Whiteboard: [start 2012-04-30][target 2012-05-07], URL)

(Reporter)

Description

7 years ago
The Metrics team has created a dashboard that tracks data coming from the mozilla.org/contribute Get Involved page.  We'd like to make that dashboard public so I'm filing a bug to have this reviewed by the Security team.

Please let me know if there is any additional information I can provide about this.
(Assignee)

Updated

7 years ago
Keywords: sec-review-needed
Whiteboard: [pending secreview]
Whiteboard: [pending secreview] → [secr:yvan]
(Reporter)

Comment 1

7 years ago
Just pinging to see if there's an ETA for this review.
QA Contact: mcoates → jstevensen
Component: Security Assurance: Applications → Security Assurance: Review Needed
Assignee: security-assurance → yboily
Status: NEW → ASSIGNED
(Reporter)

Comment 2

7 years ago
Is there an ETA for this review?
(Reporter)

Comment 3

7 years ago
Pinging again for an ETA for this review.  It's been over two months since this bug was filed and it would be helpful to have some visibility on timing to help schedule efforts around the bug that this is blocking.
(Reporter)

Comment 4

7 years ago
In terms of timing, I just talked to David Eaves and he has been invited to do a keynote at this year's OSCON and he would like to discuss what Mozilla is doing with community health metrics.  It would be great to have this dashboard public in time for that.  He needs to have his keynote wrapped up by mid-June.
David,

We'll get you an eta by the end of the day. Sorry for the lack of response.
(Assignee)

Comment 6

7 years ago
Per my chat with David we will aim to get this completed next week, however we still need some additional information, and may need to revise the target date.

Please provide the following information:
    Who is/are the point of contact(s) for this review?
    Please provide a short description of the feature / application (e.g. problem solved, use cases, etc.):
    Please provide links to additional information (e.g. feature page, wiki) if available and not yet included in feature description:
    Does this request block another bug? If so, please indicate the bug number
    This review will be scheduled amongst other requested reviews. What is the urgency or needed completion date of this review?
    To help prioritize this work request, does this project support a goal specifically listed on this quarter's goal list? If so, which goal?
    Please answer the following few questions: (Note: If you are asked to describe anything, 1-2 sentences shall suffice.)
        Does this feature or code change affect Firefox, Thunderbird or any product or service the Mozilla ships to end users?
        Are there any portions of the project that interact with 3rd party services?
        Will your application/service collect user data? If so, please describe 
    If you feel something is missing here or you would like to provide other kind of feedback, feel free to do so here (no limits on size):
    Desired Date of review (if known from https://mail.mozilla.com/home/ckoenig@mozilla.com/Security%20Review.html) and whom to invite.
Whiteboard: [secr:yvan] → [secr:yvan][start 2012-04-30][target 2012-05-07]
(Reporter)

Comment 7

7 years ago
I'll answer these questions as best as I can and pmartins will have additional information.

> Who is/are the point of contact(s) for this review?

David Boswell and Pedro Martins

> Please provide a short description of the feature / application (e.g. problem solved, use cases, etc.):

This dashboard gives us insight into what people are interested in getting involved with at Mozilla and will give us the ability to improve the experience of become a contributor and to help teams become more effective at bringing new contributors onto their projects.

> Please provide links to additional information (e.g. feature page, wiki) if available and not yet included in feature description:

There is more information in bug 685992 (it started out as the bug to get the initial version of the dashboard created and has turned into a tracking bug for future enhancements).  The Metrics team may have additional information to share.

> Does this request block another bug? If so, please indicate the bug number

Yes, bug 728016.

> This review will be scheduled amongst other requested reviews. What is the urgency or needed completion date of this review?

We'd like to have this dashboard public by mid-June at the latest.  

> To help prioritize this work request, does this project support a goal specifically listed on this quarter's goal list? If so, which goal?

Yes, having this dashboard be made public directly supports the high-level Grow Mozilla goals.

https://intranet.mozilla.org/2012Q2Goals#Grow_Mozilla

> Does this feature or code change affect Firefox, Thunderbird or any product or 
> service the Mozilla ships to end users?

No.

> Are there any portions of the project that interact with 3rd party services?

This is a question for pmartins.

> Will your application/service collect user data? If so, please describe 

Yes, this dashboard is based on data that was submitted by users through the Get Involved form at mozilla.org/contribute and is collected in the private contribute@mozilla.org mailman mailing list.
Keywords: sec-review-needed
Whiteboard: [secr:yvan][start 2012-04-30][target 2012-05-07] → [start 2012-04-30][target 2012-05-07]
(Reporter)

Comment 8

7 years ago
The target for this review is set as 2012-05-07.  Has that target date changed or is the review completed?
:yvan - ping pass to you on this one.
(Assignee)

Comment 10

7 years ago
Since this is a pentaho page with no new code, this review is complete.
Status: ASSIGNED → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
(Reporter)

Comment 11

7 years ago
Yvan, thanks for the review.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.