Closed Bug 745314 Opened 13 years ago Closed 13 years ago

Perform Security Review for Mozilla Reps Portal 0.2.5

Categories

(mozilla.org :: Security Assurance: Review Request, task)

task
Not set
normal

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: bensternthal, Assigned: mfuller)

Details

(Whiteboard: [release 0.2.5][pending secreview][start mm/dd/yyyy][target mm/dd/yyyy])

This is the security review for the 0.2.5 release.

Overview: Mozilla Reps web tools and portal is the next phase of tools for the Mozilla Reps program. Its purpose is to provide the required tools for the day to day operations of the hundreds of Reps signed up in the program. Diversity of the Reps and Geographic distribution are key features of the program and those tools should help unify community practices and tools of mozillians around the world.

Project Scope: Backend will be developed by Giorgos in Playdoh, and frontend by Pierros based on the recently developed onemozilla templates. By the end of 2012Q1 profiling, mentorship and event functionality will be delivered.

Dependencies: None

Assumptions: We will use the remo repository in mozilla's github org.

Deliverables: All specs and functionality are described here https://wiki.mozilla.org/ReMo/Website/Roadmap1#Deliverables and here: https://wiki.mozilla.org/ReMo/Website

== Source Code ==
https://github.com/mozilla/remo

== Dev, Stage & Prod ==
Dev: reps-dev.allizom.org
Stage: reps.allizom.org
Prod: reps.mozilla.org

== Bugzilla Info ==
Product / Component: Mozilla.org/webdev
CC: pierros@mozilla.com

== Timeline ==
Please see the latest weekly status report for schedule: https://wiki.mozilla.org/Websites/ReMo_Mozilla_Reps
Who is/are the point of contact(s) for this review?

Please provide a short description of the feature / application (e.g. problem solved, use cases, etc.):

Please provide links to additional information (e.g. feature page, wiki) if available and not yet included in feature description:

Does this request block another bug? If so, please indicate the bug number

This review will be scheduled amongst other requested reviews. What is the urgency or needed completion date of this review?

Please answer the following few questions: (Note: If you are asked to describe anything, 1-2 sentences shall suffice.)

Does this feature or code change affect Firefox, Thunderbird or any product or service the Mozilla ships to end users?

Are there any portions of the project that interact with 3rd party services?

Will your application/service collect user data? If so, please describe

If you feel something is missing here or you would like to provide other kind of feedback, feel free to do so here (no limits on size):

Desired Date of review (if known from https://mail.mozilla.com/home/ckoenig@mozilla.com/Security%20Review.html) and whom to invite.
Sorry about missing the questions, I used an outdated template:
==================================================
Who is/are the point of contact(s) for this review?
Product owner - Pierros Papadeas
Developers - Giorgos Logiotatidis
TPM - Benjamin Sternthal

Please provide a short description of the feature / application (e.g. problem solved, use cases, etc.):
This is a sec review of the 0.2.5 release of the Mozilla Reps website. This is primarily a minor fix/design enhancement release. You can see the current scope of the 0.2.5 release here: https://wiki.mozilla.org/Websites/ReMo_Mozilla_Reps/Open-Bugs

Please provide links to additional information (e.g. feature page, wiki) if available and not yet included in feature description:
The project wiki contains everything about this project and we try to make sure this is truth. Both the list of features and current schedule can be seen here. The weekly status report is also a handy overview of our status: https://wiki.mozilla.org/Websites/ReMo_Mozilla_Reps

Does this request block another bug? If so, please indicate the bug number
This review will be scheduled amongst other requested reviews. What is the urgency or needed completion date of this review?
This request blocks our launch of 0.2.5 but has no other blocks.

Please answer the following few questions: (Note: If you are asked to describe anything, 1-2 sentences shall suffice.)

Does this feature or code change affect Firefox, Thunderbird or any product or service the Mozilla ships to end users?
This project only affects the mozilla reps website.

Are there any portions of the project that interact with 3rd party services?
We use a third party for the interactive map: https://reps.mozilla.org/people/

Will your application/service collect user data? If so, please describe
Yes, however this functionality is already in the app and live. I do not think there are major changes to this included in the 0.2.5 release.

If you feel something is missing here or you would like to provide other kind of feedback, feel free to do so here (no limits on size):

Desired Date of review (if known from https://mail.mozilla.com/home/ckoenig@mozilla.com/Security%20Review.html) and whom to invite.
We have the sec review scheduled for 5/14 - 5/16 and have confirmed via email with Yvan that these dates are OK.
So this review will be with yvan only, no group review meeting?
This review will be with Yvan only.
Assignee: nobody → yboily
Whiteboard: [release 0.2.5][pending secreview] → [release 0.2.5][pending secreview][secr:yvan]
Whiteboard: [release 0.2.5][pending secreview][secr:yvan] → [release 0.2.5][pending secreview][start mm/dd/yyyy][target mm/dd/yyyy]
Pinging for a status update. Right now we are tracking to Wed May 23 for launch.
Yvan, trying to get a status/update on this as we are set to launch tomorrow. Please let me know when you can.
Depends on: 732378
Yvan, we went forward with the launch. I would still like a sec review of the code, both to catch anything we might have missed and to get an official sign-off on the release.
Reassigning this to Matt since Yvan is out of office. Should we test against https://reps.mozilla.org/ or is there a staging environment?
Assignee: yboily → mfuller
For testing of various inputs on the user page, I'm going to need a test account. It authenticates through browser ID, but is there a way we can set up a test account I can log in with?
Matt: Pierros should be able to help you. Pierros -> I added you to the cc list for this. This is the sec review we wanted for 0.2.5, it was delayed but we still wanted to get a review in (see comment thread)
I suggest we cancel this specific review:
- The code is already live
- This was primarily a design and code fix release
- I just filed a bug for the sec review of the next release happening in mid July. https://bugzilla.mozilla.org/show_bug.cgi?id=764450
Matt, are you OK with the above?
This is fine, we can move to the next one
Resolving as won't fix. Let's have a discussion about timing so we can prioritize the next review in the proper way; we have a lot going on with k9o and basecamp.
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → WONTFIX
Agree. Anything I can do to help your team plan/get things done, let me know.
No longer depends on: 732378