Received: by 10.68.220.229 with SMTP id pz5mr7983455pbc.5.1331473745319;
        Sun, 11 Mar 2012 06:49:05 -0700 (PDT)
Path: h9ni13952pbe.0!nntp.google.com!news2.google.com!Xl.tags.giganews.com!border1.nntp.dca.giganews.com!nntp.giganews.com!local2.nntp.dca.giganews.com!nntp.mozilla.org!news.mozilla.org.POSTED!not-for-mail
NNTP-Posting-Date: Sun, 11 Mar 2012 08:49:04 -0500
Return-Path: <luke.leigh...@gmail.com>
X-Original-To: dev-secur...@lists.mozilla.org
Delivered-To: dev-secur...@lists.mozilla.org
X-Virus-Scanned: amavisd-new at mozilla.org
Authentication-Results: notorious.mozilla.org (amavisd-new); dkim=pass
	header...@gmail.com
Received-SPF: pass (gmail.com ... _spf.google.com: 209.85.161.178 is
	authorized to use 'luke.leigh...@gmail.com' in 'mfrom' identity
	(mechanism 'ip4:209.85.128.0/17' matched))
	receiver=notorious.mozilla.org; identity=mailfrom;
	envelope-from="luke.leigh...@gmail.com";
	helo=mail-gx0-f178.google.com; client-ip=209.85.161.178
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=mime-version:in-reply-to:references:date:message-id:subject:from:to
	:cc:content-type;
	bh=fMVkiJP0XnxT1RGth0rrz+Po0Hdw7DawcpfLVxajk3M=;
	b=qGiFq4fpkvba8kv1G3pjv84WvPdw5NSWqJB43Sw6iYQc87+ml41cKsVGOrvzqa3Vay
	6WtnfJDGbRpP0QtE/CppUDkAtpUYSmzoVb+nT9wlJ00szXZxbOD6wjEnRk7PpWeTzHYy
	PobPnYzHk8J3oCa7IdQfz/02Y7pEiAFEOD1QKo4tJEBUfJXjovofHS8anQZ2cZBCGTsX
	RZ1o+q1Xpd1BqzmoYHCSXrAYuSt57rKLwJPu0GlFegHM/kDqRXso0UjNjzD+ItIqlRRw
	sfLPiHTWnKfThI2FWe3qHxqtDW3XQKjG9zkE6WHNWGY/zFNcJtkdB9/dVI+avgTsqNdZ
	BW4A==
MIME-Version: 1.0
In-Reply-To: <CAPm8pjqD-8Uqpmgv59gn-PvmVq+GD282Vcbgpaj3s+tZ3nt=Fg@mail.gmail.com>
References: <4F529EC8.7060908@mozilla.com>
	<9B816263-B7D5-43B4-9897-F918F56A5209@mozilla.com>
	<4F5525DB.4010801@mozilla.com>
	<CAJE5ia9ge0WHL+-you12F3vAgn-Qx8ngF_mZzX39mqxD_FA=tQ@mail.gmail.com>
	<CADKQpGTw_Lj=1vkPp-AGrbxzuTYg9pm3YhvXpu=9uL_rm2_J3w@mail.gmail.com>
	<4F563D18.7070605@mozilla.com>
	<CA+yvPmdee8K4G=qQj2kj7bScZTZ-Xu9GCKuTTR=thwtu2qur3w@mail.gmail.com>
	<4F59CB02-5D54-42AA-89DF-5F7CB69FC...@mozilla.com>
	<CA+c2ei-vrLZeX67oWjJ8nNiAtotLBvOpg072h1YdPTySK9t...@mail.gmail.com>
	<CAPweEDyh0WSG6HB8Rgb+=kWdtKrdeXM4MnjW-r-AzYpisY6...@mail.gmail.com>
	<CAPm8pjqD-8Uqpmgv59gn-PvmVq+GD282Vcbgpaj3s+tZ3nt...@mail.gmail.com>
Date: Sun, 11 Mar 2012 13:48:55 +0000
Subject: Re: [b2g] Permissions model thoughts
From: lkcl luke <luke.leigh...@gmail.com>
To: Dean Landolt <d...@deanlandolt.com>
Cc: dev-weba...@lists.mozilla.org,
	=?UTF-8?Q?Fabrice_Desr=C3=A9?= <fabr...@mozilla.com>,
	"Matthew S. Finifter" <finif...@cs.berkeley.edu>,
	Jim Straus <jstr...@mozilla.com>, Ben Francis <b...@krellian.com>,
	Lucas Adamski <ladam...@mozilla.com>,
	Mozilla B2G mailing list <dev-...@lists.mozilla.org>,
	dev-secur...@lists.mozilla.org, Adam Barth <abarth-mozi...@adambarth.com>,
	Adrienne Porter Felt <a...@berkeley.edu>, Jonas Sicking <jo...@sicking.cc>
X-BeenThere: dev-secur...@lists.mozilla.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Security of Mozilla products <dev-security.lists.mozilla.org>
List-Unsubscribe: <https://lists.mozilla.org/options/dev-security>,
	<mailto:dev-security-requ...@lists.mozilla.org?subject=unsubscribe>
List-Post: <mailto:dev-secur...@lists.mozilla.org>
List-Help: <mailto:dev-security-requ...@lists.mozilla.org?subject=help>
List-Subscribe: <https://lists.mozilla.org/listinfo/dev-security>,
	<mailto:dev-security-requ...@lists.mozilla.org?subject=subscribe>
Approved: dev-secur...@lists.mozilla.org
Newsgroups: mozilla.dev.security
Message-ID: <mailman.13987.1331473744.31724.dev-secur...@lists.mozilla.org>
Lines: 27
X-Usenet-Provider: http://www.giganews.com
NNTP-Posting-Host: 63.245.208.166
X-AuthenticatedUsername: NoAuthUser
X-Trace: sv3-lg7VTzFyn+6N7AQPqQQy2heYuCJi384RKXW+ush/otGpyUbxML0djHXUkYYR6rMV6zmlTLoFRlMVos2!laIKYXLwofc4m99LYr1z8ySnmR+cuADYOybCJil8WZQb11jijBbcDji14oMlQLpSz6GMhGbFXA3V!rfpcedhgbiHvokzRfvK2DRa/G+X/ovdkmTF8
X-Complaints-To: ab...@mozilla.org
X-DMCA-Complaints-To: ab...@mozilla.org
X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers
X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint properly
X-Postfilter: 1.3.40
X-Original-Bytes: 5288
Content-Type: text/plain; charset=UTF-8

On Sun, Mar 11, 2012 at 1:43 PM, Dean Landolt <d...@deanlandolt.com> wrote:

> Regardless of the prompts and dialogs chosen it's critical -- for both devs
> and laymen -- to be able to able to get quick access to a detailed list of
> capability grants for any given application from the application itself. And
> not just for b2g and mobile -- it should be right there with view-source,
> fundamental to gecko.

 again, it is worth repeating: this recommended requirement needs to
be FORMALLY PLACED onto an OFFICIAL DOCUMENT.

 could someone please for the love of god take responsibility for that
task and actually make an announcement "we have created a wiki page
here {insert location} and are coordinating all requirements at that
specific location".

 if you do not have anyone who is actually doing that nor does anyone
have time to actually do so then it is indicative that the B2G project
requires an additional funded post, paid for by the mozilla
foundation, doesn't it?

 you cannot leave something like the security model of the B2G system
run along as an "arbitrary meandering path" that is completely
uncoordinated.  it's too fundamental and critical to the success of
the project.

l.