Closed
Bug 745314
Opened 13 years ago
Closed 13 years ago
Perform Security Review for Mozilla Reps Portal 0.2.5
Categories
(mozilla.org :: Security Assurance: Review Request, task)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: bensternthal, Assigned: mfuller)
References
Details
(Whiteboard: [release 0.2.5][pending secreview][start mm/dd/yyyy][target mm/dd/yyyy])
This is the security review for the 0.2.5 release.
Overview: Mozilla Reps web tools and portal is the next phase of tools for the Mozilla Reps program. Its purpose is to provide the required tools for the day to day operations of the hundreds of Reps signed up in the program. Diversity of the Reps and Geographic distribution are key features of the program and those tools should help unify community practices and tools of mozillians around the world.
Project Scope: Backend will be developed by Giorgos in Playdoh, and frontend by Pierros based on the recently developed onemozilla templates. By the end of 2012Q1, profiling, mentorship and event functionality will be delivered.
Dependencies: None
Assumptions: We will use the remo repository in mozilla's github org.
Deliverables: All specs and functionality are described here https://wiki.mozilla.org/ReMo/Website/Roadmap1#Deliverables and here: https://wiki.mozilla.org/ReMo/Website
== Source Code ==
https://github.com/mozilla/remo
== Dev, Stage & Prod ==
Dev: reps-dev.allizom.org
Stage: reps.allizom.org
Prod: reps.mozilla.org
== Bugzilla Info ==
Product / Component: Mozilla.org/webdev
CC: pierros@mozilla.com
== Timeline ==
Please see the latest weekly status report for schedule:
https://wiki.mozilla.org/Websites/ReMo_Mozilla_Reps
Who is/are the point of contact(s) for this review?
Please provide a short description of the feature / application (e.g. problem solved, use cases, etc.):
Please provide links to additional information (e.g. feature page, wiki) if available and not yet included in feature description:
Does this request block another bug? If so, please indicate the bug number. This review will be scheduled amongst other requested reviews. What is the urgency or needed completion date of this review?
Please answer the following few questions: (Note: If you are asked to describe anything, 1-2 sentences shall suffice.)
Does this feature or code change affect Firefox, Thunderbird or any product or service the Mozilla ships to end users?
Are there any portions of the project that interact with 3rd party services?
Will your application/service collect user data? If so, please describe
If you feel something is missing here or you would like to provide other kind of feedback, feel free to do so here (no limits on size):
Desired Date of review (if known from https://mail.mozilla.com/home/ckoenig@mozilla.com/Security%20Review.html) and whom to invite.
Reporter | Comment 2 • 13 years ago
Sorry about missing the questions; I used an outdated template:
==================================================
Who is/are the point of contact(s) for this review?
Product owner - Pierros Papadeas
Developers - Giorgos Logiotatidis
TPM - Benjamin Sternthal
Please provide a short description of the feature / application (e.g. problem solved, use cases, etc.):
This is a sec review of the 0.2.5 release of the Mozilla Reps website. This is primarily a minor fix/design enhancement release. You can see the current scope of the 0.2.5 release here:
https://wiki.mozilla.org/Websites/ReMo_Mozilla_Reps/Open-Bugs
Please provide links to additional information (e.g. feature page, wiki) if available and not yet included in feature description:
The project wiki contains everything about this project and we try to make sure this is truth. Both the list of features and current schedule can be seen here. The weekly status report is also a handy overview of our status:
https://wiki.mozilla.org/Websites/ReMo_Mozilla_Reps
Does this request block another bug? If so, please indicate the bug number. This review will be scheduled amongst other requested reviews. What is the urgency or needed completion date of this review?
This request blocks our launch of 0.2.5 but has no other blocks.
Please answer the following few questions: (Note: If you are asked to describe anything, 1-2 sentences shall suffice.)
Does this feature or code change affect Firefox, Thunderbird or any product or service the Mozilla ships to end users?
This project only affects the mozilla reps website.
Are there any portions of the project that interact with 3rd party services?
We use a third party for the interactive map: https://reps.mozilla.org/people/
Will your application/service collect user data? If so, please describe
Yes, however this functionality is already in the app and live. I do not think there are major changes to this included in the 0.2.5 release.
If you feel something is missing here or you would like to provide other kind of feedback, feel free to do so here (no limits on size):
Desired Date of review (if known from https://mail.mozilla.com/home/ckoenig@mozilla.com/Security%20Review.html) and whom to invite.
We have the sec review scheduled for 5/14 - 5/16 and have confirmed via email with Yvan that these dates are OK.
So this review will be with Yvan only, no group review meeting?
Reporter | Comment 4 • 13 years ago
This review will be with Yvan only.
Updated • 13 years ago
Assignee: nobody → yboily
Whiteboard: [release 0.2.5][pending secreview] → [release 0.2.5][pending secreview][secr:yvan]
Updated • 13 years ago
Status: NEW → ASSIGNED
Updated • 13 years ago
Keywords: sec-review-needed
Whiteboard: [release 0.2.5][pending secreview][secr:yvan] → [release 0.2.5][pending secreview][start mm/dd/yyyy][target mm/dd/yyyy]
Reporter | Comment 5 • 13 years ago
Pinging for a status update. Right now we are tracking to Wed May 23 for launch.
Reporter | Comment 6 • 13 years ago
Yvan, trying to get a status/update on this as we are set to launch tomorrow. Please let me know when you can.
Reporter | Comment 7 • 13 years ago
Yvan, we went forward with the launch. I would still like a sec review of the code, both to catch anything we might have missed and to get an official sign-off on the release.
Comment 8 • 13 years ago
Reassigning this to Matt since Yvan is out of office.
Should we test against
https://reps.mozilla.org/
or is there a staging environment?
Assignee: yboily → mfuller
Reporter | Comment 9 • 13 years ago
Stage: http://reps.allizom.org/
Assignee | Comment 10 • 13 years ago
For testing of various inputs on the user page, I'm going to need a test account. It authenticates through browser ID, but is there a way we can set up a test account I can log in with?
Reporter | Comment 11 • 13 years ago
Matt:
Pierros should be able to help you.
Pierros -> I added you to the cc list for this. This is the sec review we wanted for 0.2.5, it was delayed but we still wanted to get a review in (see comment thread)
Reporter | Comment 12 • 13 years ago
I suggest we cancel this specific review:
- The code is already live
- This was primarily a design and code fix release
- I just filed a bug for the sec review of the next release happening in mid July.
https://bugzilla.mozilla.org/show_bug.cgi?id=764450
Matt, are you OK with the above?
Assignee | Comment 13 • 13 years ago
This is fine, we can move to the next one
resolving as won't fix, let's have a discussion about timing so we can prioritize the next review in the proper way, we have a lot going on with k9o and basecamp
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → WONTFIX
Reporter | Comment 15 • 13 years ago
Agree. Anything I can do to help your team plan/get things done let me know.