Closed
Bug 735075
Opened 12 years ago
Closed 12 years ago
Sec Review: Distributed Events platform
Categories
(mozilla.org :: Security Assurance: Review Request, task)
Tracking
(Not tracked)
VERIFIED
FIXED
People
(Reporter: bsimon, Assigned: curtisk)
Details
(Whiteboard: [3rd party review])
We're starting a new project to support distributed learning events on the foundation side, which we're hoping to launch in early May. None of the major dev has begun, but we wanted to get this process started as early as possible. The roadmap is here: https://wiki.mozilla.org/Webmakers/Event_Platform
1) Who is/are the point of contact(s) for this review?
Ben Simon, Michelle Thorne, & Ross Bruniges
2) Please provide a short description of the feature / application (e.g. problem solved, use cases, etc.):
The project in 5 sentences:
- Events are a major participation and community engine of Mozilla's webmaker efforts.
- We need a place to track webmaker events worldwide.
- That enables users to learn about, create, import, sign up for, and leave feedback about events.
- The site should allow for communication among organizers, participants, and staff.
- And it should be dead-simple to use.
3) Please provide links to additional information (e.g. feature page, wiki) if available and not yet included in feature description:
In addition to the wiki above, here are a couple of blog posts we've written as background:
engagingopenly.wordpress.com/2012/03/05/moving-forward-with-distributed-events/
http://michellethorne.cc/2012/03/mullet/
4) Does this request block another bug? If so, please indicate the bug number
Not yet
5) This review will be scheduled amongst other requested reviews. What is the urgency or needed completion date of this review?
We want to launch by early May, in time for our summer campaign (https://wiki.mozilla.org/Foundation_Summer_2012_Campaign_Roadmap), which means we likely need a fairly expedited review.
6) Please answer the following few questions: (Note: If you are asked to describe anything, 1-2 sentences shall suffice.)
Does this feature or code change affect Firefox, Thunderbird or any product or service that Mozilla ships to end users?
>>NO
Are there any portions of the project that interact with 3rd party services?
>>Yes, Blue State Digital, which already provides the foundation's contribution and mailing management.
Will your application/service collect user data? If so, please describe
>>Yes, we will be collecting user data for event creation and RSVP actions.
7) If you feel something is missing here or you would like to provide other kind of feedback, feel free to do so here (no limits on size):
Don't think I have anything extra -- hopefully the wiki & posts help answer additional Qs.
Assignee
Updated•12 years ago
QA Contact: mcoates → jstevensen
Assignee
Comment 1•12 years ago
We need to figure out a process for a 3rd party review.
Assignee: security-assurance → curtisk
Keywords: privacy-review-needed
Whiteboard: [pending secreview] → [secr:curtisk][3rd party review]
Assignee
Updated•12 years ago
Status: NEW → ASSIGNED
Assignee
Comment 2•12 years ago
Adding mcoates and yvan to this bug as I am not sure where we are with 3rd party reviews and how we need to proceed to keep this on track for desired release.
Ross can chime in further, but happy to help facilitate any reviews -- all the data will either be on Blue State Digital infrastructure (which has been thoroughly reviewed in the past), or on Mozilla infrastructure.
Assignee
Updated•12 years ago
Whiteboard: [secr:curtisk][3rd party review] → [3rd party review]
Comment 4•12 years ago
Sorry - I've not seen any emails from this bug before... What is the third party aspect of this review? Is this to review the BSD events codebase?
Hey all, Upping the priority on this as our public launch date is May 15. If it helps in going through things, here's the notes from the data safety consultation we had with the DS team: https://privacy.etherpad.mozilla.org/68 PW: apr12 In terms of 3rd party reviews, BSD has already been reviewed extensively in our process to get them on board as our contribution processor, so there shouldn't be much more that needs to be done there. We expect to have a full platform up and running by later this week or very early next week for you to be able to review. Please let us know what we can help provide.
Severity: normal → critical
Assignee
Comment 6•12 years ago
Security wise we are good as this has been vetted before. We would like to perform a brief review when the page goes live just to be sure. Privacy wise I will leave that up to the experts from that area to chime in.
Keywords: sec-review-needed → sec-review-complete
Great, thanks Curtis. We'll post links here once things are ready for you to take a look.
Comment 8•12 years ago
(In reply to Curtis Koenig [:curtisk] from comment #6)
> Security wise we are good as this has been vetted before. We would like to
> perform a brief review when the page goes live just to be sure. Privacy wise
> I will leave that up to the experts from that area to chime in.
So just to hopefully clear up any confusion with whether we're reviewing third party or internally hosted code I've drafted a quick explanation here: https://teamross.etherpad.mozilla.org/13 The Blue State Digital platform code can be found at https://donate.mozilla.org/page/event/create We're having trouble deploying our code at the moment but it will live at (for dev) make-dev.mozillalabs.com. Our github repo is at https://github.com/rossbruniges/make.mozilla.org Hope this information is useful, any further questions please let me know.
Hey Curtis et al - here's the functionally complete (though still fixing some final bugs from QA) events site: https://make-dev.mozillalabs.com/en-US/events/
Assignee
Updated•12 years ago
Whiteboard: [3rd party review] → [3rd party review][triage 2012.05.16]
Reporter
Comment 10•12 years ago
Heads up that this is basically code complete and through legal/privacy review. We're planning to soft-launch very soon, once it's pushed to production. Please let us know if there's any need to hold.
Comment 11•12 years ago
FYI: domain is webmaker.org, cturra is on ops duty, and working w/ Ryan to get a temporary cert until we can transfer webmaker.org to mozilla formally.
Reporter
Comment 12•12 years ago
Closing this out as I believe all sec review is finished here. Thanks all!
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Assignee
Updated•12 years ago
Keywords: privacy-review-needed
Assignee
Updated•12 years ago
Whiteboard: [3rd party review][triage 2012.05.16] → [3rd party review]
Updated•12 years ago
Keywords: sec-review-complete
Assignee
Updated•12 years ago
Status: RESOLVED → VERIFIED