Re: Intent to Implement- Double-keyed HTTP cache

Hi Sebastian, I'm glad to see us moving toward having better isolation in this way. In discussions of this sort of keying strategy, the guidance I repeatedly hear is that "double-keying" isn't sufficient and that you need to key on the chain of origins. That is, if A frames B and C, and B in

Re: Must we rebuild all our rust code constantly?

Well, I have a problem now after trying to update sccache just in case I need a new version in the future. I did the following: cargo install --force sccache (I was not so sure of what the proper update procedure of already installed package. sccache 2.0.8-alpha-something was already

Re: Must we rebuild all our rust code constantly?

On 2019/08/21 3:52, Eric Rahm wrote: mach clobber --full Thank you for the tips. I will try this. At the same time, I have a feeling that the debug symbol that rustc generates may be a tad bigger than I would like it to be, but I need to investigate more about this. Chiaki

Watch out for build issues on non-Unicode systems

Hi, In bug 1575135 and bug 844509, we've changed how configure handles strings from files and subprocesses, to normalize everything to Unicode. On systems where the system locale is based on UTF-8 (e.g. most Linux or macOS), this shouldn't make a difference. On systems where the system locale

Intent to unship: Legacy MathML syntax for numbers

Hi, After the changes mentioned in previous announcements [1] [2] [3] [4], the valid MathML length values are almost a subset of CSS and we could consider relying on the CSS parser in the future. The only remaining difference is in the definition of numbers since MathML3 allows the following

Re: Intent to Ship New Certificate Viewer

Wow. This is awesome. So much better then the old certificate viewer! Thanks Nils > On 16Aug, 2019, at 12:52, Danielle Leblanc-Cyr > wrote: > > Hi everyone, > > We’re Carolina and Danielle, two Outreachy interns who have been working > with the Security Engineering team. We’ve spent the

Doc review request for MIME type “codecs” parameter article

If anyone has time to spare at some point, I've finished drafting a new article "The 'codecs' parameter in common media types” [1]. It’s intricate enough, and gathers enough information from a wide enough variety of tricky sources, that it would really benefit from a review for technical accuracy

Intent to unship AppCache

The design of AppCache brings many problems to the web platform from a performance and security perspective. Service workers have long solved the same use cases as AppCache. Removal of this code would bring a large reduction of code and complexity that is largely unmaintained. History Four

Re: Soft code freeze for Firefox 70, Aug 26

Correction, avoid risky changes from Aug 26th to Sept 2. Thanks to kwierso for pointing out my typo. - Liz On Wed, Aug 21, 2019 at 10:41 AM Liz Henry (:lizzard) wrote: > Hi there, > > On August 26th, we will be merging Firefox 70 from mozilla-central to beta > for the first time. In order to

Soft code freeze for Firefox 70, Aug 26

Hi there, On August 26th, we will be merging Firefox 70 from mozilla-central to beta for the first time. In order to avoid invalidating the testing we get out of late Nightly and the early Developer Edition builds and to ensure that we can roll out Beta 70 to a wider audience with confidence,

Intent to Implement- Double-keyed HTTP cache

Intent to Implement- Double-keyed HTTP cache Summary: Currently Browsers are vulnerable to cache-timing attacks, commonly referred to as XS Leaks attacks. Starting with Firefox 70 we want to explore a double-keyed HTTP cache. Instead of solely using the origin of the resource, we will double

Intent to Ship New Certificate Viewer

Hi everyone, We’re Carolina and Danielle, two Outreachy interns who have been working with the Security Engineering team. We’ve spent the past few months working on porting over pieces of the Certainly Something web extension

Re: Intent to Ship: Move Extended Validation Information out of the URL bar

I’m glad to hear it; the presence of the EV indicator often occupied so much space that the URL bar would become practically unusable. Example attached. On August 12, 2019 at 4:05:09 AM, Johann Hofmann (jhofm...@mozilla.com) wrote: The Chrome team recently removed EV indicators from the URL bar

Re: Fission Newsletter #2

Fission functionality is not platform-restricted as of right now for all desktop platforms (mobile not there yet). As Bobby said, WebRender dependency is solely for the memory reduction goal. -Neha. On Fri, Aug 9, 2019 at 2:37 PM Bobby Holley wrote: > On Fri, Aug 9, 2019 at 11:11 AM Nika