SecurityEngineering/MeetingNotes/10-04-12
From MozillaWiki
These are the notes for the 9/27 meeting as well, which was short due to the brownout
Standing Agenda
- Q3 Goals Recap
- Implement security model for basecamp
- Achieve go / no-go for Firefox sandboxing
- Land "final" Click to Play experience (address correctness and UX)
- Ship CSP compliant with W3C 1.0 spec (also helps B2G)
- Lead security/privacy dev community event or workshop
- Review currently active (P1) features against their established milestones, identify any blockers - Security/Roadmap + Privacy/Roadmap
- Review roadmap priorities to ensure they accurately reflect active projects and Mozilla's priorities
- Suggest additions or changes to roadmaps
- Detailed discussion of features or outstanding issues as time permits
- Additional Items
- Upcoming events, OOO/travel, etc.
Last week: https://wiki.mozilla.org/SecurityEngineering/MeetingNotes/09-20-12
Goals
- [ON TRACK] Security Model for basecamp
- [DONE] Sandboxing
- we have a plan (Windows 8 Metro) and buy-in for this plan from Asa
- [ON TRACK] C2P user experience is on track
- [AT RISK] CSP 1.0 compliance
- inline styles were discussed in the W3C WG call; sounds like dveditz and tanvi can clarify the intent of the spec here - this is blocking CSP 1.0
- initial round of patches has gone through one round of review, going well
- big issues are: deprecation plan for old header, localization, and warning text when old header is used or both headers are sent
- [DONE] per site 3rd party cookies in about:permissions landed
- [DROPPED] community event or workshop
- Q4 Potential Goals Discussion
- csp 1.0 land
- help b2g ship
- security event (l33t brown bag)
(libpkix - land in q4/q1?)
Other
- Contributor interested in helping with security/privacy features. Working with tanvi and mgoodwin on security diagnostic report in devtools.
- NSS 3.14 Beta 1 landed on m-c
- Brown Bag on Tuesday, November 13 at 12:00.
- Open enrollment - 1:30 hours left
- Mixed Content Blocker
https://mxr.mozilla.org/mozilla-central/source/security/manager/boot/src/nsSecureBrowserUIImpl.cpp
- crossing out https may prove to be "impossible". We may have to color the https in yellow/orange (to match the icon) instead of a strikethrough.
- new click-to-play UI landed!
- uplifted to aurora (ff 17)
- some bugs. some will have to be fixed and uplifted to 17, and some are things to take care of in 18 and later.
- iframe sandbox bug - https://bugzilla.mozilla.org/show_bug.cgi?id=797909
- smaug picked it up, since ian is out.