Closed
Bug 860268
Opened 11 years ago
Closed 11 years ago
Security review for discovering and installing additional Social API providers
Categories
(mozilla.org :: Security Assurance: Review Request, task)
mozilla.org
Security Assurance: Review Request
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: psiinon, Assigned: mixedpuppy)
References
()
Details
(Whiteboard: [start 2013-04-29][target 2013-05-06][Fx])
Attachments
(1 obsolete file)
No description provided.
Reporter | ||
Comment 1•11 years ago
|
||
Hum, did I set the flags wrong? Didnt expect is to go all yellow ... ;)
Updated•11 years ago
|
Group: mozilla-corporation-confidential, core-security
Updated•11 years ago
|
Component: SocialAPI → Security Assurance: Review Request
Product: Firefox → mozilla.org
Version: unspecified → other
Updated•11 years ago
|
Status: NEW → ASSIGNED
OS: Linux → All
Hardware: x86_64 → All
Whiteboard: [pending secreview] → [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd]
Reporter | ||
Comment 2•11 years ago
|
||
Scheduling the secreview for Monday 6th May. Who should be invited from the dev team?
Comment 3•11 years ago
|
||
I'd suggest myself, Shane and felipe at a minimum. Markh might be interested as well.
https://mail.mozilla.com/home/ckoenig@mozilla.com/Security%20Review.html?view=month&action=view&invId=250699-250698&pstat=AC&exInvId=250699-312992&useInstance=1&instStartTime=1367870400000&instDuration=3600000 Subject: SecReview: discovering and installing additional Social API providers Location:"MTV-3V Very Good Very Mighty" <3v@mozilla.com>; "SFO 319 Golden Gate Bridge" <sfo319@mozilla.com> Resources: "MTV-3V Very Good Very Mighty" <3v@mozilla.com>; "SFO 319 Golden Gate Bridge" <sfo319@mozilla.com> Time: Monday, May 6, 2013, 1:00:00 PM - 2:00:00 PM GMT -08:00 US/Canada Pacific *~*~*~*~*~*~*~*~*~* Meeting Details: * Mon. 6-May-2013, 1300 PST * Where: - MTV: 3V-Very Good Very Mighty - SFO: 319 Golden Gate Bridge - Vidyo(9710) secreview [https://v.mozilla.com/flex.html?roomdirect.html&key=EEtiuXn8C5EP] * IRC Channel: #security * Etherpad: http://etherpad.mozilla.com/secreview * Dial-in Info (phone): - In office or soft phone: extension 92 - US/INTL: 650-903-0800 or 650-215-1282 then extension 92 - Toronto: 416-848-3114 then extension 92 - Toll-free: 800-707-2533 then password 369 - Conference num 99710 Items to be reviewed: https://bugzilla.mozilla.org/show_bug.cgi?id=860268 https://bugzilla.mozilla.org/show_bug.cgi?id=786133 Agenda: * Introduce Feature (5-10 minutes) [can be answered ahead of time to save meeting time] - Goal of Feature, what is trying to be achieved (problem solved, use cases, etc) - What solutions/approaches were considered other than the proposed solution? - Why was this solution chosen? - Any security threats already considered in the design and why? * Threat Brainstorming (30-40 minutes) * Conclusions / Action Items (10-20 minutes)
Reporter | ||
Comment 5•11 years ago
|
||
I've started some documentation here: https://mana.mozilla.org/wiki/display/SECURITY/Social+API+multi-providers+Security+Review mixedpuppy: can you see this? If so whats missing?
Flags: needinfo?(mixedpuppy)
Assignee | ||
Comment 6•11 years ago
|
||
(In reply to Simon Bennetts [:psiinon] from comment #5) > I've started some documentation here: > https://mana.mozilla.org/wiki/display/SECURITY/Social+API+multi- > providers+Security+Review > > mixedpuppy: can you see this? If so whats missing? looks ok, the second bullet in the concerns section (able to install second time before uninstall is complete) is merely bug 862314 that needs to be fixed.
Flags: needinfo?(mixedpuppy)
Updated•11 years ago
|
Whiteboard: [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd] → [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd][Fx]
Updated•11 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Whiteboard: [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd][Fx] → [start 2013-04-29][target 2013-05-06][Fx]
Assignee | ||
Comment 8•11 years ago
|
||
This allows a provider to update the manifest and have it take affect without restarting firefox. If the provider is the current provider, it is completely reloaded. The "undo" panel is shown again, which isn't quite appropriate, but we wont be able to change strings (ie. we should uplift this to fx23)
Assignee: sbennetts → mixedpuppy
Attachment #763717 -
Flags: review?(gavin.sharp)
Assignee | ||
Comment 9•11 years ago
|
||
Comment on attachment 763717 [details] [diff] [review] upgrade manifest from reactivation argh. added to wrong bug, I should eat first I guess.
Attachment #763717 -
Attachment is obsolete: true
Attachment #763717 -
Flags: review?(gavin.sharp)
You need to log in
before you can comment on or make changes to this bug.
Description
•