On 02/07/2014 03:10 PM, Garrett Robinson wrote: > On 02/07/2014 02:33 PM, Gavin Sharp wrote: >> Safe Browsing has typically been considered its own toolkit >> sub-module, and isn't a "content security policy" the same way CSP/MCB >> are. I don't really have any objection to grouping it with the others >> in a new module, though. > > True. gcp liked the idea and offered to be an owner, and it seemed to > align with who's doing most of the work on it these days. > > I am open to taking it out and leaving it as a submodule in toolkit if > there are any serious objections. > >> The "DOM" in your proposed Bugzilla component name seems misleading - >> this stuff doesn't seem particularly DOM-related. > > Most of this stuff lives under content/, but it's my understanding that > content/ will be merged into dom/ eventually and that it's the way of > the future. Hence the suggested location and component. If there's > another, better criteria for naming the component, I am happy to change it.
Yep, this is true, and it's already started. I don't have a problem with this stuff living in the DOM namespace in bugzilla, but I also wouldn't object if someone happens to come up with a different name. Names are mutable though, so in the interest in moving forwad here I'd recommend we create this module/component, and bike shed as necessary later. Thanks for pulling this stuff together and finding official owners for this stuff! Johnny >> Are there other upcoming/proposed code areas/features that you would >> see as also fitting under this module? > > There has been talk of rewriting nsIContentPolicy into a new Content > Policy API, in order to fix numerous problems with performance, the > difficulty in handling redirects, and interactions with add-ons. This > was first proposed by Jonas Sicking [0], and was resurrected at the DOM > workweek last week. That would certainly fit under this module. > > [0] > https://groups.google.com/forum/#!msg/mozilla.dev.platform/veLFoy09ydg/2XcWUXSiVbEJ > >> Gavin >> >> On Fri, Feb 7, 2014 at 11:10 AM, Garrett Robinson <[email protected]> >> wrote: >>> There are several "content security policies" that live in DOM >>> or toolkit, but the owners/peers of those modules are not the people who >>> do the majority of the work writing or editing code for these >>> components. I propose we create a new "Content Security" module to house >>> these related features. The features in question are: >>> >>> * Content Security Policy (CSP) >>> * Mixed Content Blocker >>> * Safe Browsing >>> >>> Name: "Content Security" >>> Description: Security-related content policies >>> Location: dom/security >>> Owners: Sid Stamm, Gian-Carlo Pascutto >>> Peers: Garrett Robinson, Tanvi Vayas, Dan Veditz >>> Bugzilla Component: Core::DOM: Security (needs to be created) >>> >>> Source dirs/files: >>> >>> * toolkit/components/url-classifier >>> * content/base/+ >>> ** test/csp >>> ** src/CSPUtils.jsm >>> ** src/contentSecurityPolicy.js >>> ** src/CSPService.cpp/h >>> ** public/nsIContentSecurityPolicy.idl >>> ** src/nsMixedContentBlocker.cpp/h >>> ** test/{test,file}_mixed_content_* >>> _______________________________________________ >>> governance mailing list >>> [email protected] >>> https://lists.mozilla.org/listinfo/governance > _______________________________________________ > governance mailing list > [email protected] > https://lists.mozilla.org/listinfo/governance > -- jst _______________________________________________ governance mailing list [email protected] https://lists.mozilla.org/listinfo/governance
