Minutes of the Staff Meeting of Monday 14th February 2005

Present: chase, gerv, dave, blizzard, jst, asa, chofmann, myk, dbaron, ben, mscott, cbeard, rafael, dougt, dveditz.

Mozilla 1.8b

  • Plan is to put security fixes on the trunk, release that, get feedback, and release Firefox 1.0.1 after that
  • Two more security fixes have got approval
  • 23 blockers left; 11 have approvals but haven't landed
  • 5 new nominations

Firefox 1.0.1

  • Worried about the ByteVerifier trojan; want to have a warning on start page
  • Need to get 1.4.2_06 or 1.5 to be protected
  • Should make some noise about this — "critical update from Sun"


  • Not yet ready to go
  • They have the setup in place they want to ship with, but not tested yet
  • Some testing was done over the weekend
  • 18th and 25th dates optimise our ability to update clients (because of "first week" bug and weekend effects)
  • 18th is aggressive but it might just happen

Firefox 1.1/Thunderbird 1.1

  • Not much to talk about; focus on 1.8b and 1.0.1

Contributor Awards

  • On the back burner for this week

IDN/punycode domain spoofing

  • Make sure the pref works so people can turn it off (done)
  • Default the pref to off for 1.0.1 and 1.8b; provide XPI or instructions to turn it on
  • Make it clear it's a registrar/registry issue, but we are protecting our users in the short term
  • What to do long term is a drivers issue
  • Need to have a discussion with Verisign, and find their plan for their plugin


  • kaie is part time, but he doesn't want full responsibility
  • request for recruitment of PSM helpers (Seamonkey/Thunderbird security UI)
  • collaborative, iterative, open development (not closed for 6 months and turn up with a 'finished' product)
  • ben and mscott are watching the certificate value discussion in

Emphasising Security

  • MF will be hiring a security guy/more security resources
  • rafael working with PR firm about messaging: security features prominently
  • dveditz was employed a year ago to focus on security

Got a response? TalkBack!