Closed Bug 776616 Opened 13 years ago Closed 13 years ago

input.mozilla.org refresh-sec review

Categories

(mozilla.org :: Security Assurance: Review Request, task, P3)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: jsocol, Assigned: freddy)

References

Details

(Whiteboard: [sec-review-complete][start 2012-12-17][target 2012-12-21][score:32:Medium])

I will answer the questionnaire later because at this point we are missing a bunch of information, but we're going to reboot Input's codebase, which will require security review, I assume. I don't have a new code repo yet. I don't even have a target for when we'll be code-complete for a 1.0, but I want to get on the radar. Ongoing small reviews would be way more efficient than one big, blocking review at the end. We plan to use all the continuous deployment infrastructure we can.
James: can you mark this as a blocker for the actual input.mozilla.org tracker bug?
Whiteboard: [pending secreview]
(In reply to Yvan Boily [:ygjb][:yvan] from comment #1)
> James: can you mark this as a blocker for the actual input.mozilla.org
> tracker bug?
Will, can you file such a bug and mark this as a blocker?
Yvan, when we're doing something huge like this, we don't tend to use tracker bugs for the whole thing because it's an ongoing project; there is no "done" state, only a "first release to public" state, and after that we keep moving.
Making this block the input.mozilla.org phase 0 tracker bug.
Blocks: 780626
I will try to keep an eye on this for the questions and once answered we can get it through triage.
Whiteboard: [pending secreview] → [pending secreview][needs info]
> Who is/are the point of contact(s) for this review?
WillKG, Cww, Me.
> Please provide a short description of the feature / application (e.g. problem solved, use cases, etc.):
"The purpose of Firefox Input is to collect actionable feedback from our user base across each channel of our software development process. The application collects feedback and offers a set of analysis methods for looking at the resulting data."
The goals of this rewrite are to:
1) Simplify and update the existing Input project.
2) Provide for more flexible feedback collection in Mozilla products (notably on Android and Firefox OS).
3) (Eventually) Provide a feedback platform for Open Web Apps.
> Please provide links to additional information (e.g. feature page, wiki) if available and not yet included in feature description:
https://wiki.mozilla.org/Firefox/Input
https://github.com/mozilla/fjord
> Does this request block another bug? If so, please indicate the bug number
Bug 780626.
> This review will be scheduled amongst other requested reviews. What is the urgency or needed completion date of this review?
This affects our ability to collect feedback from H2 products, so high.
> To help prioritize this work request, does this project support a goal specifically listed on this quarter's goal list? If so, which goal?
Firefox OS/Maximize Firefox. Open Web Apps/Marketplace.
> Please answer the following few questions: (Note: If you are asked to describe anything, 1-2 sentences shall suffice.)
> Does this feature or code change affect Firefox, Thunderbird or any product or service the Mozilla ships to end users?
Not this part of it, we're only looking at the web app/service component here.
> Are there any portions of the project that interact with 3rd party services?
Not to the best of my knowledge.
> Will your application/service collect user data? If so, please describe
Not in phase 0. Talking to Privacy about adding this at a later date.
> Desired Date of review and whom to invite.
Soon?
And the contacts in the first question.
Whiteboard: [pending secreview][needs info] → [pending secreview][triage needed]
Assignee: nobody → amuntner
Whiteboard: [pending secreview][triage needed] → [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd]
Blocks: 797407
Risk/Priority Ranking Exercise
https://wiki.mozilla.org/Security/RiskRatings
Priority: 3 (P3) - Overall Mozilla Quarterly Goal
Operational: 0 - N/A
User: 4 - Critical
Privacy: 0 - N/A
Engineering: 3 - Major
Reputational: 1 - Minor
Priority Score: 32
Whiteboard: [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd] → [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd][score:28::Medium]
Is there an update to when this secreview will be done?
Flags: needinfo?(amuntner)
Melissa, Is there a new code repo yet? I'm not sure where/how to track the current status of the project to be reviewed.
Flags: needinfo?(amuntner)
Whiteboard: [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd][score:28::Medium] → [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd][score:28:Medium]
Whiteboard: [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd][score:28:Medium] → [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd][score:32:Medium]
(In reply to Adam Muntner :adamm from comment #8)
> Melissa,
>
> Is there a new code repo yet? I'm not sure where/how to track the current
> status of the project to be reviewed.
The new code is here: https://github.com/mozilla/fjord. As for status, we're pretty much just waiting on security review. We don't have much else to do on the site this quarter. Happy to answer any other questions.
Summary: input.mozilla.org refresh → input.mozilla.org refresh-sec review
Any updates on the timing of a secreview? We are in the final month of the quarter and this is a Q4 goal.
Flags: needinfo?(amuntner)
Is there anything I can help answer, for Adam or anyone else?
Are there any updates on this?
Priority: -- → P3
This is a Q4 goal and we are coming very close to the end of the quarter. Does the Security team expect the review to be done in the next few days so we can implement this before the end of the quarter?
Hi Melissa, I will get you an update on this by the end of the day. Is there a stage environment available for testing?
Hi Melissa, I'll complete your review this week.
Flags: needinfo?(amuntner)
Whiteboard: [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd][score:32:Medium] → [pending secreview][start 2012-12-17][target 2012-12-21][score:32:Medium]
To echo Yvan, a staging environment would be very helpful.
We've got it on a dev server: https://input-dev.allizom.org/ We aren't able to proceed to deploy it on a stage server until after the security review.
That works, thank you.
We are now in 2013Q1 and this was a 2012Q4 goal. Is there any update as to when the sec review will be done, or if you need additional info from the team?
Any updates here?
Assignee: amuntner → fbraun
I am working on the sec-review right now, sorry this has taken so long. For some further testing I would take a look into the admin interface. :willkg on IRC said he could provide me with a temporary admin account for the sec review, so I just state it here in bugzilla for proper documentation :)
I generated an account and communicated it to :freddyb.
Depends on: 831132
Depends on: 831134
OK, I am done here. Ping me in the blockers if you have any questions about the remaining issues.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Whiteboard: [pending secreview][start 2012-12-17][target 2012-12-21][score:32:Medium] → [sec-review-complete][start 2012-12-17][target 2012-12-21][score:32:Medium]