Closed Bug 936725 Opened 11 years ago Closed 10 years ago

[SecReview]: APK Factory

Categories

(mozilla.org :: Security Assurance: Review Request, task)

Product:
mozilla.org
Component:
Security Assurance: Review Request
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Due Date:

People

(Reporter: rforbes, Assigned: curtisk)

References

Details

(Whiteboard: u= c= p=1 s=) 

This is a infrastructure, part of marketplace, that will provide the ability to store private keys and have private keys uploaded to storage.  This is so we can sign apk's for developers and install them.
:rforbes - it would be helpful for background if you could answer these questions:

1) Who is/are the point of contact(s) for this review?
2) Please provide a short description of the feature / application (e.g. problem solved, use cases, etc.):
3) Please provide links to additional information (e.g. feature page, wiki) if available and not yet included in feature description:
4) Does this request block another bug? If so, please indicate the bug number
5) This review will be scheduled amongst other requested reviews. What is the urgency or needed completion date of this review?
6) To help prioritize this work request, does this project support a goal specifically listed on this quarter's goal list?  If so, which goal?
7) Please answer the following few questions: (Note: If you are asked to describe anything, 1-2 sentences shall suffice.)
7a) Does this feature or code change affect Firefox, Thunderbird or any product or service the Mozilla ships to end users?
7b) Are there any portions of the project that interact with 3rd party services?
7c) Will your application/service collect user data? If so, please describe
8) If you feel something is missing here or you would like to provide other kind of feedback, feel free to do so here (no limits on size):
9) Desired Date of review (if known from https://mail.mozilla.com/home/ckoenig@mozilla.com/Security%20Review.html) and whom to invite.
Assignee: nobody → curtisk
Flags: needinfo?(rforbes)
Whiteboard: [pending secreview] → u= c= p= s=ready
Whiteboard: u= c= p= s=ready → u= c= p=1 s=ready
I take a shot at this, knowing I am not able to answer all:
1. App Sec stuff: Raymond Forbes; Engineering: Wil Clouser/Bill Walker; Product Mgmt: David Almstrom
2. We're extending the marketplace to allow developers to also create Android Apps via an auto-generation of APK in the APK Factory.
3. https://wiki.mozilla.org/User:Clouserw/APKFactory and bug 896003
4. 874686 and 896003
5. 
   4-Mar, 2014 Fx 29 (General Audience) 
   10-December Fx 29 Nightly Open for patches
   21-Jan all work “fixed verified” by Fx29 Aurora
   24-Feb MWC; all work beta quality
6. no idea
7a. it will affect Firefox as it would need to support the discovery and installation of apps on Android
7b. certificates from Google
7c. will collect the same data as for other apps submitted to Marketplace
8. -
9. Date set to 18 Nov
Whiteboard: u= c= p=1 s=ready → u= c= p=1 s=sprint 2
Due Date: 2013-11-22
Whiteboard: u= c= p=1 s=sprint 2 → u= c= p=1 s=
Blocks: 941926
No longer blocks: 896003
Summary: SecReview: APK Factory → [SecReview]: APK Factory
Updated Target Timeline
*http://people.mozilla.org/~elancaster/PMTools/TrainSchedule2014.002.jpg

wk1 Jan : Install launch uninstall flow
mid-Jan : Presubmission Testing
31-Jan : last day for any bugfixes to land for client-side development
31-Jan : APK Factory
- - Marketplace Developer Flow
- - Marketplace Reviewer Flow
1-15 Feb : Developer dogfooding
15-Feb : Payments
27-29 Feb : MWC Prototype (offline capability)
Mar : Consumer dogfooding
29-Apr : Gen Audience release

6. Specific initiative - the launch of Firefox Mobile Apps on Android was included in Apps' team goals for 2013 / 2014
Updated Target Timeline
*http://people.mozilla.org/~elancaster/PMTools/TrainSchedule2014.002.jpg

wk1 Jan : Install launch uninstall flow
mid-Jan : Presubmission Testing
31-Jan : last day for any bugfixes to land for client-side development
31-Jan : APK Factory
- - Marketplace Developer Flow
- - Marketplace Reviewer Flow
1-15 Feb : Developer dogfooding
15-Feb : Payments
27-29 Feb : MWC Prototype (offline capability)
Mar : Consumer dogfooding
29-Apr : Gen Audience release

6. Specific initiative - the launch of Firefox Mobile Apps on Android was included in Apps' team goals for 2013 / 2014

9. Monday 9th or Monday 16th seems to look most clear for these attendees: Raymond Forbes; Engineering: Wil Clouser/Myk Melez/Mark Finkle; Product Mgmt: David Almstrom
Flags: needinfo?(rforbes)
Curtis - 
Please let us know when you can fit us into the sec review schedule! Preferred times above.
Flags: needinfo?(curtisk)
(In reply to Caitlin Galimidi from comment #5)
> Curtis - 
> Please let us know when you can fit us into the sec review schedule!
> Preferred times above.

I'll get you all set for the 9th, to help things go faster can you all answer the background questions here http://goo.gl/nqwngm
Flags: needinfo?(curtisk)
This is live. so i hope the sec review is closed out.
Curtis - do you have open questions?
Flags: needinfo?(curtisk)
Well we did a sort of review but since so much was still undone we concluded another review was needed, so I am going to defer to Raymond who was point on this project. I was running the group meeting and thus had bug ownership, not sure if we need to meet again or if Raymond has covered our concerns or not?
Flags: needinfo?(curtisk) → needinfo?(rforbes)
this was completed.

https://wiki.mozilla.org/Security/Reviews/APK_Factory
Status: NEW → RESOLVED
Closed: 10 years ago
Flags: needinfo?(rforbes)
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.