Closed Bug 744955 Opened 12 years ago Closed 11 years ago

Security Review for TB: Modern Address Book - V1

Categories

(mozilla.org :: Security Assurance: Review Request, task)

task
Not set
normal

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: curtisk, Assigned: amuntner)

References

()

Details

(Whiteboard: [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd][score:0:Low])

Who is/are the point of contact(s) for this review?
    
Please provide a short description of the feature / application (e.g. problem solved, use cases, etc.):
    
Please provide links to additional information (e.g. feature page, wiki) if available and not yet included in feature description:
    
Does this request block another bug? If so, please indicate the bug number This review will be scheduled amongst other requested reviews. What is the urgency or needed completion date of this review?

Please answer the following few questions: (Note: If you are asked to describe anything, 1-2 sentences shall suffice.)

Does this feature or code change affect Firefox, Thunderbird or any product or service the Mozilla ships to end users?

Are there any portions of the project that interact with 3rd party services?

Will your application/service collect user data? If so, please describe 

If you feel something is missing here or you would like to provide other kind of feedback, feel free to do so here (no limits on size):

Desired Date of review (if known from https://mail.mozilla.com/home/ckoenig@mozilla.com/Security%20Review.html) and whom to invite.
Hey Curtis.

(In reply to Curtis Koenig [:curtisk] from comment #0)
> Who is/are the point of contact(s) for this review?

I am.

>     
> Please provide a short description of the feature / application (e.g.
> problem solved, use cases, etc.):

At this point, the feature is still in the design / definition state (see https://wiki.mozilla.org/Features/Thunderbird).

The general idea is to replace the current Thunderbird address book with one that's more useful (ie, it allows multiple email addresses, multiple phone numbers, etc).

>     
> Please provide links to additional information (e.g. feature page, wiki) if
> available and not yet included in feature description:

N/a.

So reading through the rest of your comment, it looks like you want to do security review on this feature...but the feature hasn't been defined yet.  Especially with the drive to the k9o event, some interesting initiatives have sprung up in the b2g project that might contribute to this one, but we're still doing our preliminary investigations.

The feature page will almost certainly be overhauled once those investigations have been completed.  Perhaps we can postpone the security review until after all of that work is completed?

-Mike
Yes, it is fine to postpone, when the feature reaches or nears design complete state that is a good time for us to do a review.
Assignee: nobody → curtisk
Whiteboard: [pending secreview] → [pending secreview][triaged waiting]
Assignee: curtisk → amuntner
Status: NEW → ASSIGNED
Whiteboard: [pending secreview][triaged waiting] → [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd]
Summary: TB: Modern Address Book - V1 → Security Review for TB: Modern Address Book - V1
Curtis, in case the new summary (starting with "Security Review for...") breaks your naming patterns, then please add [Security review] at the *end* of the summary, so that it's clear from search results that this bug is not about the TB feature "new AB" as such, but only about the sec-review. Having "Security Review" in the title will be in your best interest, to prevent users from dropping comments here on features of the new AB. Not everybody is aware of bug components, they are not displayed on search results, and it's easy to overlook them on the bug itself if the summary explicitly features "TB".
Summary: Security Review for TB: Modern Address Book - V1 → TB: Modern Address Book - V1
Sorry for spam, BMO was playing tricks on fields again... wasn't me
Summary: TB: Modern Address Book - V1 → Security Review for TB: Modern Address Book - V1
Risk/Priority Ranking Exercise https://wiki.mozilla.org/Security/RiskRatings

Priority: N/A

Operational: 0 - N/A
User: 0 - N/A
Privacy: 0 - N/A
Engineering: 2 - Normal
Reputational: 0 - N/A

Priority Score: 0
Whiteboard: [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd] → [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd][score:0::Low]
Whiteboard: [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd][score:0::Low] → [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd][score:0:Low]
Is this still a live initiative?
Thanks for pinging this. The initiative is being developed as an add-on for now at https://github.com/mikeconley/thunderbird-ensemble. The hope is to eventually merge the work into core - we'd likely want to do a proper security audit before that time.

But as for now, I think it's safe to remove this job from your queue.
Flags: needinfo?(mconley)
Flags: needinfo?(mconley)
Thanks Mike
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.