Open Bug 909491 Opened 11 years ago Updated 10 years ago

Need a sec review for the Firefox Account + Sync

Categories

(mozilla.org :: Security Assurance: Review Request, task)

(Type: task, Priority: Not set, Severity: normal)

Tracking

(Not tracked)

People

(Reporter: deb, Assigned: dchanm+bugzilla)

Details

(Whiteboard: [score=critical] u= c= p=1 s=sprint 6)

At some point we will need to schedule a full security review for the New Sync MVP, which is outlined here:

* https://wiki.mozilla.org/User_Services/Sync/v1
* https://wiki.mozilla.org/User_Services/Sync

I'm not sure what information is needed or when we'll be able to do this, which is why I'm cc'ing Lloyd and Richard (as there are likely to be follow-up questions).
Blocks: 909322
1) Who is/are the point of contact(s) for this review?
2) Please provide a short description of the feature / application (e.g. problem solved, use cases, etc.):
3) Please provide links to additional information (e.g. feature page, wiki) if available and not yet included in feature description:
4) Does this request block another bug? If so, please indicate the bug number
5) This review will be scheduled amongst other requested reviews. What is the urgency or needed completion date of this review?
6) To help prioritize this work request, does this project support a goal specifically listed on this quarter's goal list?  If so, which goal?
7) Please answer the following few questions: (Note: If you are asked to describe anything, 1-2 sentences shall suffice.)
7a) Does this feature or code change affect Firefox, Thunderbird or any product or service that Mozilla ships to end users?
7b) Are there any portions of the project that interact with 3rd party services?
7c) Will your application/service collect user data? If so, please describe
8) If you feel something is missing here or you would like to provide other kind of feedback, feel free to do so here (no limits on size):
9) Desired Date of review (if known from https://mail.mozilla.com/home/ckoenig@mozilla.com/Security%20Review.html) and whom to invite.
Flags: needinfo?(deb)
Whiteboard: [triage needed]
Hi Curtis,
I've added Chris Karlof to this bug.  He is the primary contact for this project. This is a cross-functional effort and we are working together with Fennec and Desktop engineering teams.

BTW, is David Chan still assigned to this project? If not, will you be our primary security contact for this project?

Cheers,
Tauni
(In reply to toxborrow from comment #2)
> Hi Curtis,
> I've added Chris Karlof to this bug.  He is the primary contact for this
> project. This is a cross-functional effort and we are working together with
> Fennec and Desktop engineering teams.

Excellent, we'll take all the good input we can get.

> 
> BTW, is David Chan still assigned to this project? If not, will you be our
> primary security contact for this project?
> 

I'm not sure of David's current responsibilities; I'm just the Sec PM that gets things ready to be assigned and worked on. This bug is marked for triage, and once we do that process it will get an owner for you all to work with.

> Cheers,
> Tauni
Assignee: nobody → dchan+bugzilla
Whiteboard: [triage needed]
Summary: Need a sec review for the New Sync MVP → Need a sec review for the Firefox Account + Sync
Putting this on our weekly triage. Fx Account / Sync / PiCL is pretty far along and we should be more involved.
Whiteboard: [score=critical] u= c= p=1 s=ready
Flags: needinfo?(deb)
Whiteboard: [score=critical] u= c= p=1 s=ready → [score=critical] u= c= p=1 s=sprint 2
Whiteboard: [score=critical] u= c= p=1 s=sprint 2 → [score=critical] u= c= p=1 s=sprint 4
Whiteboard: [score=critical] u= c= p=1 s=sprint 4 → [score=critical] u= c= p=1 s=sprint 5
Whiteboard: [score=critical] u= c= p=1 s=sprint 5 → [score=critical] u= c= p=1 s=sprint 6