Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Scope of Dev-Security List
54 views
Skip to first unread message
Michael Coates
Sep 17, 2013, 5:14:38 AM9/17/13
to mozilla-de...@lists.mozilla.org
All,
I'm very curious to hear your thoughts on the intended scope of this
list. Do you consider this list for discussions just on security
elements impacting Firefox? Or would you expect security discussion on
other Mozilla initiatives to be discussed here as well? For example,
MarketPlace, Persona, Picl, Firefox OS, etc?
The reason I ask the question is to better understand how we can
encourage discussions in these areas and cultivate the right discussion
forums to make this effective.
Thanks for your feedback.
--
Michael Coates
Director of Security Assurance
@_mwc
I'm very curious to hear your thoughts on the intended scope of this
list. Do you consider this list for discussions just on security
elements impacting Firefox? Or would you expect security discussion on
other Mozilla initiatives to be discussed here as well? For example,
MarketPlace, Persona, Picl, Firefox OS, etc?
The reason I ask the question is to better understand how we can
encourage discussions in these areas and cultivate the right discussion
forums to make this effective.
Thanks for your feedback.
--
Michael Coates
Director of Security Assurance
@_mwc
Sid Stamm
Sep 24, 2013, 1:35:51 PM9/24/13
to Michael Coates
On 09/17/2013 02:14 AM, Michael Coates wrote:
> I'm very curious to hear your thoughts on the intended scope of this
> list. Do you consider this list for discussions just on security
> elements impacting Firefox? Or would you expect security discussion on
> other Mozilla initiatives to be discussed here as well? For example,
> MarketPlace, Persona, Picl, Firefox OS, etc?
IMO: all of the above, and any security-related engineering work can be
> I'm very curious to hear your thoughts on the intended scope of this
> list. Do you consider this list for discussions just on security
> elements impacting Firefox? Or would you expect security discussion on
> other Mozilla initiatives to be discussed here as well? For example,
> MarketPlace, Persona, Picl, Firefox OS, etc?
discussed here. We have dev-firefox and dev-platform for things
specific to firefox and gecko. Many security topics overlap multiple
products, so this is a good place.
lists.mozilla.org says "Security of Mozilla products".
-Sid
Brian Smith
Sep 24, 2013, 3:33:40 PM9/24/13
to Sid Stamm, mozilla-de...@lists.mozilla.org, Michael Coates
On Tue, Sep 24, 2013 at 10:35 AM, Sid Stamm <sst...@mozilla.com> wrote:
> On 09/17/2013 02:14 AM, Michael Coates wrote:
> On 09/17/2013 02:14 AM, Michael Coates wrote:
> > I'm very curious to hear your thoughts on the intended scope of this
> > list. Do you consider this list for discussions just on security
> > elements impacting Firefox? Or would you expect security discussion on
> > other Mozilla initiatives to be discussed here as well? For example,
> > MarketPlace, Persona, Picl, Firefox OS, etc?
>
> > list. Do you consider this list for discussions just on security
> > elements impacting Firefox? Or would you expect security discussion on
> > other Mozilla initiatives to be discussed here as well? For example,
> > MarketPlace, Persona, Picl, Firefox OS, etc?
>
> IMO: all of the above, and any security-related engineering work can be
> discussed here. We have dev-firefox and dev-platform for things
> specific to firefox and gecko. Many security topics overlap multiple
> products, so this is a good place.
>
> lists.mozilla.org says "Security of Mozilla products".
>
+1. I would prefer all security-specific discussions to happen here, and/or
> discussed here. We have dev-firefox and dev-platform for things
> specific to firefox and gecko. Many security topics overlap multiple
> products, so this is a good place.
>
> lists.mozilla.org says "Security of Mozilla products".
>
that people email links to security discussions happening on the other
mailing lists.
Cheers,
Brian
>
> -Sid
> _______________________________________________
> dev-security mailing list
> dev-se...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security
>
--
Mozilla Networking/Crypto/Security (Necko/NSS/PSM)
zen.r...@gmail.com
Sep 27, 2013, 7:39:21 PM9/27/13
to
Hi guys, I'm interested in Web security, is it possible to volunteer as part of your Security team ?
Frederik Braun
Sep 30, 2013, 4:49:13 AM9/30/13
to dev-se...@lists.mozilla.org, Yvan Boily
On 28.09.2013 01:39, zen.r...@gmail.com wrote:
> Hi guys, I'm interested in Web security, is it possible to volunteer as part of your Security team ?
Yes!
> Hi guys, I'm interested in Web security, is it possible to volunteer as part of your Security team ?
We are currently working on finalizing some project ideas for volunteers
to work on as part of our security mentorship program.
I don't think we're ready to go fully public yet, but if you have any
specific ideas in mind, feel free to reach out before that! We are also
in #security on irc.mozilla.org ;)
I think Yvan (in CC) will surely know more!
Curtis Koenig
Sep 28, 2013, 11:45:16 AM9/28/13
to zen.r...@gmail.com, dev-se...@lists.mozilla.org
Hi Zen,
Yes, we have contributors to our security work. We mostly hang out in the #security channel on the mozilla irc. Our web security team has efforts around tool development for finding and reporting security flaws, as well as preforming security reviews on the code and web services manually. We do all of this in the open so your also welcome to attend our meetings and security reviews as they occur. We would appreciate hearing from you and doing what we can to help you contribute to our security efforts.
--
Curtis Koenig
Mozilla Corp.
Security Program Manager
On 27 Sep, 2013, at 19:39 PM, zen.r...@gmail.com wrote:
> Hi guys, I'm interested in Web security, is it possible to volunteer as part of your Security team ?
Yes, we have contributors to our security work. We mostly hang out in the #security channel on the mozilla irc. Our web security team has efforts around tool development for finding and reporting security flaws, as well as preforming security reviews on the code and web services manually. We do all of this in the open so your also welcome to attend our meetings and security reviews as they occur. We would appreciate hearing from you and doing what we can to help you contribute to our security efforts.
--
Curtis Koenig
Mozilla Corp.
Security Program Manager
On 27 Sep, 2013, at 19:39 PM, zen.r...@gmail.com wrote:
> Hi guys, I'm interested in Web security, is it possible to volunteer as part of your Security team ?
far...@furcadia.com
Oct 5, 2013, 7:00:02 PM10/5/13
to
On Tuesday, September 17, 2013 4:14:38 AM UTC-5, Michael Coates wrote:
> All,
> I'm very curious to hear your thoughts on the intended scope of this
> list.
Well, I was very disappointed not to find any discussion here of the issues and challenges that W3C's decision on DRM for HTML5 would bring for security.
> All,
> I'm very curious to hear your thoughts on the intended scope of this
> list.
I sort of expected people to be all over that here, when I saw the group name.
The security issues raised here:
https://bugzilla.mozilla.org/show_bug.cgi?id=923590
...are pretty huge, but they should be being discussed in this group, not hidden away in a bug report.
DRM in HTML5 - *if* the decision is made to back it - almost certainly means:
- The end of verifiably-secure, open-source FF.
- The end of FF as part of security projects like TOR, TAILS, etc, since if FF uses closed binary blobs then it cannot be trusted.
0 new messages