Closed
Bug 935707
Opened 11 years ago
Closed 11 years ago
SecReview: Java BrowserID crypto library for Android services projects
Categories
(mozilla.org :: Security Assurance: Review Request, task)
Tracking
(Not tracked)
VERIFIED
FIXED
Due Date:
People
(Reporter: mgoodwin, Assigned: mgoodwin)
References
Details
(Whiteboard: [completed secreview][score=medium] u= c= p=1 s=sprint 2)
>1) Who is/are the point of contact(s) for this review? Nick Alexander >2) Please provide a short description of the feature / application (e.g. problem solved, use cases, etc.): >4) Does this request block another bug? If so, please indicate the bug number Yes, bug 799734 >5) This review will be scheduled amongst other requested reviews. What is the urgency or needed completion date of this review? >6) To help prioritize this work request, does this project support a goal specifically listed on this quarter's goal list? If so, which goal? >7) Please answer the following few questions: (Note: If you are asked to describe anything, 1-2 sentences shall suffice.) >7a) Does this feature or code change affect Firefox, Thunderbird or any product or service the Mozilla ships to end users? Yes, Firefox (android) >8) If you feel something is missing here or you would like to provide other kind of feedback, feel free to do so here (no limits on size):
Assignee | ||
Comment 1•11 years ago
|
||
Nick, please can you assist with the unanswered questions in comment 0?
Flags: needinfo?(nalexander)
Comment 2•11 years ago
|
||
(In reply to Mark Goodwin [:mgoodwin] from comment #0) > >1) Who is/are the point of contact(s) for this review? > Nick Alexander > > >2) Please provide a short description of the feature / application (e.g. problem solved, use cases, etc.): This is an HTTP client for talking to the Mozilla Services token server. It is not user exposed, but instead shuffles tokens of one type (Browser ID assertions) for another type (token server tokens). > >4) Does this request block another bug? If so, please indicate the bug number > Yes, bug 799734 > > >5) This review will be scheduled amongst other requested reviews. What is the urgency or needed completion date of this review? Early Q1? We're hoping to ship end of Q1. > >6) To help prioritize this work request, does this project support a goal specifically listed on this quarter's goal list? If so, which goal? This supports Cloud Services only goal of shipping FxAccount on all major platforms. > >7) Please answer the following few questions: (Note: If you are asked to describe anything, 1-2 sentences shall suffice.) > >7a) Does this feature or code change affect Firefox, Thunderbird or any product or service the Mozilla ships to end users? > Yes, Firefox (android) > > >8) If you feel something is missing here or you would like to provide other kind of feedback, feel free to do so here (no limits on size): We'd like eyes, but this is not complicated. We take tokens and get other tokens. We could make parsing or formatting errors; we could overlook things; we could use Java APIs insecurely; but we're not introducing complicated new crypto code or flows.
Flags: needinfo?(nalexander)
Updated•11 years ago
|
Due Date: 2013-11-22
Updated•11 years ago
|
Whiteboard: [pending secreview][score=medium] u= c= p=1 s=ready → [pending secreview][score=medium] u= c= p=1 s=sprint 2
Comment 3•11 years ago
|
||
I just remembered that the code landed in m-c doesn't include all the tests. You can see JUnit 4 tests (that don't run on TBPL) at https://github.com/mozilla-services/android-sync/commits/775bb0f
Assignee | ||
Updated•11 years ago
|
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 4•11 years ago
|
||
Secreview complete.
Whiteboard: [pending secreview][score=medium] u= c= p=1 s=sprint 2 → [completed secreview][score=medium] u= c= p=1 s=sprint 2
Assignee | ||
Updated•11 years ago
|
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•