Re: [b2g] Redesigning the trusted UI

Hi Fernando, Thanks for rekindling this discussion, with all the Haida changes now would seem like a good time to revisit trusted UI, and security UX in general. Firstly - a question: do we use Trusted UI for anything other than payments right now? I assume Firefox Accounts might plan to use t

Re: [b2g] Restricting some permissions to the System app?

The problem with this approach is it relies on developers knowing which permissions are should be system app only, and which ones can be used by other certified apps. We have already run into this with partner developers, and fair enough since this restriction isn't documented anywhere. Regardl

Re: [b2g] Redesigning the trusted UI

On Feb 7, 2014, at 9:07 PM, Fernando Jiménez Moreno wrote: > Hi Paul, > > thanks for your feedback! > > On 04/02/2014, at 07:06, Paul Theriault wrote: > >> Hi Fernando, >> >> Thanks for rekindling this discussion, with all the Haida changes now would

Re: [b2g] Redesigning the trusted UI

On Feb 7, 2014, at 8:59 PM, Antonio Manuel Amaya Calvo wrote: > On 04/02/2014 11:00, Frederik Braun wrote: >> On 27.01.2014 15:35, Fernando Jiménez Moreno wrote: >>> Hi folks! >>> >>> tl;dr: I would like to change the current trusted UI by: >>> >>> 1. A system dialog enabled via hardware button

[b2g] Emulator now has seccomp support

157, args 0 0 1 0 5 1. Killing process. If you see any errors like this, please raise a bug that blocks bug 929277. Further details on seccomp can be found see [2]. Any questions, either ask here, or come join #boxing on irc.mozilla.org. Thanks, Paul Paul Theriault Security Manager

Re: [b2g] What defines the scope of an app?

= Summary Version = Can we simplify your proposal by: 1. Removing the separation between hosted apps and regular web content 2. We add support multiple apps per origin, but make sure a specific url will always belong to one specific app, or be treated as web content. We achieve this by letting a

Re: [b2g] Let's fix updates

On 15 Apr 2014, at 8:42 pm, Ben Francis wrote: > On Tue, Apr 15, 2014 at 6:58 AM, Fabrice Desré wrote: > One piece is to provide an *easy* way to change the update channel. > > This definitely seems like the right solution for Gecko updates, and for > updates to Gaia apps which absolutely ha

Re: [b2g] Let's fix updates

OEMs will always have the power to modify and lock down our code - that doesn’t mean we should’t try to provide a better default. I don’t think that answer to this problem is a technical one though, more like: - making more information available to consumer so that can make more informed decisi

Re: [b2g] Let's fix updates

+1 and totally keen to help wherever I can. A related question, more for developer/power users: if developers had root access on their phones, could they just update Gecko and Gaia and expect this to work (most of the time anyways, I assume there would be bugs, dependent on what the underlyin

[b2g] Plan for Camera prompts in 2.0

We now have two camera APIs exposed to third-party apps in b2g - navigator.mozCamera and navigator.getUserMedia (which use the ‘camera’ and ‘video-capture’ permissions, respectively). Previously camera was certified only, and getUserMedia was prompt upon each use (i.e. no remembered choice, and

Re: [b2g] Plan for Camera prompts in 2.0

On 19 Apr 2014, at 11:42 am, Jonas Sicking wrote: > On Thu, Apr 17, 2014 at 4:07 AM, Paul Theriault > wrote: >> Both APIs have a similar prompt, and would likely have a similar name in the >> settings app, possibly leading to confusion for the user. So I think we >&

Re: [b2g] Factory device images?

This (MoCo-only) page has an answer for some devices including flame : https://intranet.mozilla.org/QA/B2G_Tips_and_Tricks On 13 Jun 2014, at 4:58 am, J. Ryan Stinnett wrote: > Do we keep factory images of devices around anywhere? > > For example, if I wanted to debug an issue that a user is

Re: [b2g] Future of packaged apps

On 19 Jun 2014, at 6:28 am, Ehsan Akhgari wrote: > Thanks for writing this up, Jonas! > > Here are a couple of questions: > > 1. If we only allow access to privileged APIs to resources that are served > from the "package" source through CSP, would the concern about injecting > inline scripts

Re: [b2g] Backups for Firefox OS

On 5 Aug 2014, at 5:42 pm, Frederik Braun wrote: > On 05.08.2014 06:42, Jonas Sicking wrote: >> On Thu, Jul 24, 2014 at 5:31 AM, Frederik Braun wrote: >>> But let's step back for a moment and think about use cases. >>> * back-up the whole system. i.e., everything that is required to do a >>> fu

Re: [b2g] Engineering Mode (aka "service menu")

So to summarise the security requirements &properties here: - Engineering mode will be disabled until the dialer (or other certified app) initiates the special web activity - Even with engineering mode enabled, only an app with the certified “engineering-mode” (or similar) permission can access

Re: [b2g] App signing strategy: support developer signature

On 7 Aug 2014, at 2:52 am, Andy McKay wrote: > > On Aug 1, 2014, at 2:34 AM, Stéphanie Ouillon > wrote: >> For specific reasons detailed below [3], we need to support a signature >> model compatible with the Android model [4]. Until now, the Marketplace >> has been using the same tools/model.

Re: [b2g] Engineering Mode (aka "service menu")

On 7 Aug 2014, at 9:38 pm, Adrian Custer wrote: > On 8/7/14 12:56 AM, Paul Theriault wrote: > > So to summarise the security requirements &properties here: > > > > - Engineering mode will be disabled until the dialer (or other > > certified app) initiates the s

[b2g] Enabling certified app debugging on production phones.

Currently in order to debug certified apps (i.e. gaia apps) you need a phone which is rooted, in order to set the "devtools.debugger.forbid-certified-apps" preference to false. Having this preference set to true is required on production phones as it allows basically root-level access through th

Re: [b2g] Enabling certified app debugging on production phones.

15:53, Stéphanie Ouillon wrote: > Hi, > On 09/09/2014 15:00, Kartikaya Gupta wrote: > > On 8/9/2014, 5:20, Paul Theriault wrote: > >> The challenge we had when talking through this situation previously > >> was that its difficult to distinguish between the device's o

Re: [b2g] Enabling certified app debugging on production phones.

Cloud Services; this includes Firefox >> Accounts, Find My Device, and prototyping work for backup/restore (though it >> seems other people are working on this independently, too). I'm very happy >> to discuss user/device security and user identity any time. I'm usually in

Re: [b2g] Enabling certified app debugging on production phones.

On 10 Sep 2014, at 3:30 pm, Andrew Sutherland wrote: > This seems like a good idea, but I think the approach may not go far enough. > I have some suggestions. > > I think there are a few scenarios that interact with the proposed > functionality: > 1: Lost, locked device found by a nefarious

Re: [b2g] Enabling certified app debugging on production phones.

> > Other options for user authentication I had been thinking about were: > > - pairing the phone with the computer it is going to be plugged into - maybe > via adb (maybe by use of 842747) or wifi (with upcoming wifi debugging) > - Ship phones with “developer NFC sticker” - basically an NFC

Re: [b2g] Enabling certified app debugging on production phones.

On 10 Sep 2014, at 7:16 pm, Stephanie Ouillon wrote: >> >> Other options for user authentication I had been thinking about were: >> >> - pairing the phone with the computer it is going to be plugged into - maybe >> via adb (maybe by use of 842747) or wifi (with upcoming wifi debugging) >> - Sh

Re: [b2g] Do we have attack-defense tree style models for Firefox OS?

Interesting email Andrew (as always!). Threat modelling is part of the security review process so we have formal threat models for parts of the system, but I don’t think we have a holistic threat model documented to the level to which you are describing. Certainly capturing security decisions an

Re: [b2g] RequestSyncAPI

+1 to allowing the user to mark networks as metered. The inability to do this makes me cry regularly when forget to forget networks. #costlyintertubeproblems On Mon, Jan 5, 2015 at 6:49 PM, Toby Kurien wrote: > Just a comment - treating "wifi" as a special case is perhaps not the best > strate

Re: [b2g] Why does FxOS has two similar features?

Hi Yusuke, its a prototype feature developed by a partner, though I’m not sure what the final plans for it are currently. You can find some more information in the bugs linked from https://bugzilla.mozilla.org/show_bug.cgi?id=1057675 Regards, Paul On 15 Jan 2015, at 3:45 am, Yusuke YAMAMOTO wr

Re: [b2g] Status of user security planning for FirefoxOS 3.0

help - please get in touch if you are reading this and think you can help. I’m not sure what Town Hall questions you are referring to, but if have further questions I’ll do my best to answer them. Thanks, Paul Theriault FxOS Security Lead [1] https://www.mozilla.org/en-US/security/advisories

Re: [b2g] Why do some commercial Firefox OS come locked (not rooted)?

I believe primary argument for not shipping rootable devices is security. For any device without a passcode, root access means all the user's data is trivially accessible to anyone with physical access to the phone. Of course, the downsides to this trade-off are the things you have listed below.

[b2g] Granting Permissions to the Web

Following up on the previous discussions [1] [2] I’ve been doing some analysis of the current app permission model for FxOS. This email is to start discussion around exposing APIs to web content - i.e. hosted apps and regular websites. I made some notes [3] and a table of all permissions [4] and

Re: [b2g] Granting Permissions to the Web

On 10 Feb 2015, at 7:44 pm, Wilson Page wrote: > Regarding access to telephony. We hoped that fxos would get to the point > where it is so hackable that users could potentially replace the dialer app > with something third-party. It's a bold move, but it's proof we've succeeded > in making 't

Re: [b2g] Granting Permissions to the Web

On 10 Feb 2015, at 9:52 pm, Julien Wajsberg wrote: > Hey Paul, > > Le 09/02/2015 12:41, Paul Theriault a écrit : >> === SMS === >> SMS is risky mainly due to the cost involved. Risks include cost of sending >> SMS and also SMS are very sensitive - e.g. often

Re: [b2g] Granting Permissions to the Web

On 11 Feb 2015, at 1:10 am, Anders Rundgren wrote: > On Tuesday, February 10, 2015 at 11:52:55 AM UTC+1, Julien Wajsberg wrote: >> Hey Paul, >> >> Le 09/02/2015 12:41, Paul Theriault a écrit : >>> === SMS === >>> SMS is risky mainly due to the cost

Re: [b2g] Granting Permissions to the Web

On Thu, Feb 12, 2015 at 8:58 PM, Benjamin Francis wrote: > Thanks for this Marcos, it makes a lot of sense, and thanks for the offer > of help. > > On 11 February 2015 at 01:13, wrote: > >> Thanks for putting these together. I would highly recommend that for any >> feature people want to add to

Re: [b2g] Granting Permissions to the Web

On 16 Feb 2015, at 10:07 pm, Marcos Caceres wrote: > > > > On February 16, 2015 at 3:51:34 PM, Paul Theriault (ptheria...@mozilla.com) > wrote: >> On Thu, Feb 12, 2015 at 8:58 PM, Benjamin Francis wrote: >>> I would suggest we should aim to migrate the vast m

Re: [b2g] Granting Permissions to the Web

On 17 Feb 2015, at 3:26 am, Benjamin Francis wrote: > On 16 February 2015 at 11:07, Marcos Caceres wrote: > > - deviceStorage:* > > Maybe the Quota Management API? I've not evaluated it, but worth having a > look: > https://dvcs.w3.org/hg/quota/raw-file/tip/Overview.html > > I don't think t

Re: [b2g] Service like apps

I can't comment on webby-ness, but I do have thoughts about security here. (OK, just one comment: this sounds like a variation on the existing inter app communications service - its there practically any differences, other than a forward declaration in the app manifest?Just a thought). In general

Re: [b2g] Service like apps

On Sat, Mar 7, 2015 at 9:26 PM, Antonio Manuel Amaya Calvo < antoniomanuel.amayaca...@telefonica.com> wrote: > > On 07/03/2015 10:20, Paul Theriault wrote: > > I can't comment on webby-ness, but I do have thoughts about security > here. > > (OK, just one comment:

Re: [b2g] Apps and Sensitive APIs

On Tue, Mar 10, 2015 at 11:23 AM, Jonas Sicking wrote: > (Sorry to change from dev-webapi to dev-b2g, but I think dev-b2g is > better given the size of these changes). > > On Wed, Feb 4, 2015 at 4:49 AM, Benjamin Francis > wrote: > > One potential answer is that: > > > >- Privileged hosted w

Re: [b2g] Implementation of permissions framework

See also the content on MDN: https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/Security On 11 Mar 2015, at 1:19 am, Stéphanie Ouillon wrote: > Hello, > > On 10/03/2015 10:17, Shivam Chaturvedi wrote: >> Hello devs, >> I was working around the code base searching for the implementati

Re: [b2g] The new audio channel management - status update

Have you put any thought into security permissions in this work? IE making the various channels safer so they can be exposed to third party apps (privileged, or maybe even hosted)? Specifically, moz-audio-channel-telephony & moz-audio-channel-ringer for which are permission exposed just for loop

[b2g] Removing the install step (was "Re: Proposed New Security Model”)

I’m splitting this off into a new thread since this seems to be a big change. Context from old thread: > On 5 Apr 2015, at 12:12 am, Jonas Sicking wrote: > >> >> Permissions >> >> If we want to grant permissions to apps which are not installed, I think we >> need to at least re-visit all the

Re: [b2g] Aligning on an App Model for the future

While I’m all for simplification, installation is a useful metaphor for signalling user intent. Removing installation leaves us limited to prompts only. Prompts are pretty limited in terms of a security mitigation and we will have a hard time authorising access to the privileged APIs, especially

[b2g] Revising the FxOS Permission Model

As we are getting closer to finalising the v3 permission mode, I wanted to share my current thoughts on a revised permission model for Firefox OS. My main goals in this effort are mainly: * simplify the permission model for users and developers * move the FxOS permission model more in line with

Re: [b2g] Opening data-stores to privileged apps

I don’t have any objections, but we to need to come up with sane permission mode & UX. See bug https://bugzilla.mozilla.org/show_bug.cgi?id=942641 > On 20 May 2015, at 2:26 am, Christopher Lord wrote: > > Hi all, > > I've recently been pr

Re: [b2g] Revising the FxOS Permission Model

ven be something we want to expose as customisation option. (more advanced users might want more control over permission, instead of cautious defaults) Still very keen for input - please speak up! :) Thanks, Paul > On 7 May 2015, at 2:36 pm, Paul Theriault wrote: > > As we are ge

Re: [b2g] Revising the FxOS Permission Model

> On 3 Jun 2015, at 5:40 am, Jonas Sicking wrote: > > On Wed, May 6, 2015 at 9:36 PM, Paul Theriault wrote: >> My main goals in this effort are mainly: >> >> * simplify the permission model for users and developers >> * move the FxOS permission model more i

Re: [b2g] Aligning on an App Model for the future

> One part I'm not sure about is if we're saying we want to grant permissions > based on pinning, how will Gecko know when a site is pinned? Currently an app > is registered in the app registry when it's installed via the Apps API using > its app manifest so that Gecko knows about it. What shou

Re: [b2g] Aligning on an App Model for the future

> On 11 Jun 2015, at 10:39 pm, Benjamin Francis wrote: > > On 11 June 2015 at 06:17, Paul Theriault <mailto:ptheria...@mozilla.com>> wrote: > We discussed this in another thread, but Jonas convinced me that pinning will > not have any security side-effects, and I’v

[b2g] CSP 1.0 changes will block inline styles in certified apps

(bcc dev-b2g) TLDR: Not urgent, but in certified apps, we need to move away from

Re: [b2g] WebActivities - launching an app from Firefox OS browser

See https://developer.mozilla.org/en-US/docs/WebAPI/Web_Activities I think you want "view". The docs say: type: "url" url: { required: true, regexp: /^https?:.{1,16384}$/ } Which means something lihe this: new MozActivity({ "name":"view", "data": { "type":"url",

Re: [b2g] WebActivities - launching an app from Firefox OS browser

Ah ok, sorry I misunderstood. Can you use a popup window in your app instead of switching to the browser proper? I.E. Are you aware that there is a difference between calling window.open(...,'_blank') and just window.open() in Firefox OS? In Firefox OS Apps, calls to window.open(...,'_blank') g

[b2g] UX for getUserMedia in FirefoxOS

In bug 853356, there is some discussion around the permission granting mechanism to allow content to ask for microphone access via getUserMedia. The current plan is to use a prompt & permission combination similar to the way geolocation is handled. To me this API is much more sensitive than geol

Re: [b2g] Building a privileged app using Angular JS ng-csp directive

I can't answer your question about angular, but you can find information about the CSP policy enforced for privileged apps here: https://developer.mozilla.org/en-US/docs/Apps/CSP Note that hosted apps don't have a CSP applied (unless you set CSP on the server which hosts the content), but privi

Re: [b2g] Moving apps to the sdcard

I assume that file permissions would be set to prevent adb access to app & data, as it currently is on /data ? Will there need to be any changes to APIs which allows access to the sdcard (devicestorage, usb mass storage) to prevent apps accessing other app's data? On Jun 7, 2013, at 3:00 PM,

Re: [b2g] Moving apps to the sdcard

I've started a risk assessment here: https://wiki.mozilla.org/Security/Reviews/AppsOnSDcard I'll keep it updated as the discussion continues. On Jun 11, 2013, at 8:26 AM, Anthony Jones wrote: > On Mon, Jun 10, 2013 at 9:23 AM, Mike Habicher wrote: >> On 13-06-10 12:18 PM, Jonas Sicking wrote:

Re: [b2g] Moving apps to the sdcard

On Jun 11, 2013, at 9:13 PM, Jonas Sicking wrote: > On Mon, Jun 10, 2013 at 11:09 PM, Paul Theriault > wrote: >> I've started a risk assessment here: >> https://wiki.mozilla.org/Security/Reviews/AppsOnSDcard >> I'll keep it updated as the discussion continue

Re: [b2g] Security for Web App

Just to add to Walter's email: This is the best document for an overview: https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/Security/Security_model In general I would say look to MDN (developer.mozilla.org) for more accurate documentation. Documents on https://wiki.mozilla.org/ are

Re: [b2g] Security for Web App

gt; together. > > Peter > > From: "Paul Theriault" > To: "Walter Chen" > Cc: "Kevin Hu" , "dev-b2g" > Sent: Tuesday, 18 June, 2013 4:57:22 AM > Subject: Re: [b2g] Security for Web App > > Just to add to Walter's email: >

[b2g] Surface manifest URL/origin for hosted apps?

(bcc marketplace & b2g) The manifest URL is the only reliable unique identifier for hosted apps, and currently we don't surface this to the user anywhere. We currently only expose data in the webapps manifest however this can change or become irrelevant to the web app hosted at a given URL. (e.

[b2g] Security Reviews for 1.2

. - Paul Paul Theriault Security Assurance, Firefox OS signature.asc Description: Message signed with OpenPGP using GPGMail ___ dev-b2g mailing list dev-b2g@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-b2g

[b2g] Angular & packaged apps

At campjs last weekend a bunch of people were making Firefox OS apps with Angular. They were testing in the simulator which runs apps as packaged apps. Because of this, they were getting errors related to the app: protocol, since angular relies on changing the URL hash. E.g. links to #/tasklist/

Re: [b2g] Security Reviews for 1.2

to me. >> >> As always, Mozilla security reviews are public, and anyone is welcome to >> participate. Feel free to get in touch to find out ways to help. >> >> - Paul >> >> Paul Theriault >> Security Assurance, Firefo

[b2g] Security Review Status 13-09-06

In the interest of raising visibility of security review within the project, I'm going to start sending weekly updates. Details of recently completed and in progress secreviews are below. Any questions/comments/suggestions, please get in touch with me, and/or review lead. ==Completed this wee

[b2g] Security implications of remote debugging on devices

(bcc dev-gaia) I have been discussing the security implications of remote debugging with a number of people and I wanted to through the question out to a wider audience. Remote debugging allows access to read any data in app and as such has implications for the scenario of when a user loses the

Re: [b2g] Security implications of remote debugging on devices

On Sep 10, 2013, at 6:43 PM, Dave Camp wrote: > On Tue, Sep 10, 2013 at 9:39 AM, Paul Rouget wrote: > > So your proposal would prevent people to steal password only if: > the phone doesn't have a code, the phone is not rooted, the > phone doesn't have an accessible sdcard, passwords are not rec

Re: [b2g] Security implications of remote debugging on devices

(removing gaia to avoid cross-posting) On Sep 10, 2013, at 6:39 PM, Paul Rouget wrote: > Paul Theriault wrote: >> (bcc dev-gaia) >> >> I have been discussing the security implications of remote debugging with a >> number of people and I wanted to through

Re: [b2g] Security implications of remote debugging on devices

On Sep 10, 2013, at 8:30 PM, Paul Rouget wrote: > Here is another option: > > 2 "remote debugging" checkboxes. > > - remote debug (give access to the apps you're working on) > - system remote debug (give access to everything) > > 'System remote debug' would wipe your /data/ partition first (on

Re: [b2g] Security implications of remote debugging on devices

o. > > We go in through a similar route to the remote debugger into the device(we > are just a different actor) > > David > > On 10/09/2013 16:29, Paul Theriault wrote: >> (bcc dev-gaia) >> >> I have been discussing the security implications of remote debugging

Re: [b2g] Security implications of remote debugging on devices

et there since how > would an App developer be able to test their app? I appreciate there are a > number of HUGE security and privacy issues that need to be overcome but I > think it should still be on the table even if for a later date. > > David > > On 10/09/2013 19:57, Pa

Re: [b2g] Security implications of remote debugging on devices

ose your device, you would be none-the-wiser. On Sep 15, 2013, at 8:52 AM, Jim Blandy wrote: > On 09/10/2013 10:58 AM, Paul Theriault wrote: >> My proposal makes its more difficult for someone with physical access to a >> phone without a passcode to steal sensitive app data. If we

Re: [b2g] Security implications of remote debugging on devices

On Sep 16, 2013, at 9:57 PM, Jim Blandy wrote: > On 09/15/2013 04:41 AM, Paul Theriault wrote: >> That's certainly a consideration although sometimes the access granted by >> the debugger is greater. Someone using your phone could read your emails, >> where as som

Re: [b2g] Firefox OS security discussion

On Sep 18, 2013, at 9:47 AM, Christopher Lee wrote: > +dev-b2g for additional input/thoughts > > Thanks, > Chris > > - Original Message - >> From: "Jim Porter" >> To: "Chris Lee" , "martin kurze" >> , ma...@sec.t-labs.tu-berlin.de >> Sent: Tuesday, September 17, 2013 6:20:43 PM >> Sub

[b2g] Help with navgiator.mozWifiManager.setHttpProxy

I was reviewing the mozWifiManager API [1] and I noticed the setHttpProxy method. I expected it to set a HTTP proxy on my wifi connection, but I can't seem to get it work, and its not documented on mdn yet [2]. I tried connecting to the system app in the app manager (debugger) and executing t

Re: [b2g] Help with navgiator.mozWifiManager.setHttpProxy

t; wrote: >> >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA256 >> >> On 13.11.2013 07:37, Paul Theriault wrote: >>> I was reviewing the mozWifiManager API [1] and I noticed the >>> setHttpProxy method. I expected it to set a HTTP proxy on my wifi

Re: [b2g] Help with navgiator.mozWifiManager.setHttpProxy

On Nov 18, 2013, at 5:56 PM, Jonas Sicking wrote: > On Sun, Nov 17, 2013 at 8:50 PM, Paul Theriault > wrote: >> I was curious too, so I dived into the code in a little: >> >> For mobile data (i.e. 3g etc), the proxy is set on the APN using the >> mo

Re: [b2g] how to AES on client?

This may interest you if you haven't seen it already (NaCL compiled into ASM.js): http://blog.opal.io/crypto-in-the-browser.html - Paul On Nov 21, 2013, at 10:45 AM, Daniel Roesler wrote: >> This is the exact problem that TLS (HTTPS, WebSockets over TLS, etc.) solves. > > Sometimes you want

[b2g] Security Reviews now on scrumbu.gs

Hi all, Security reviews are now being tracked on scrumbu.gs in two-week sprints matching the other functional teams. To find out what we are currently reviewing see the link below: http://scrumbu.gs/p/firefox-os-security-reviews/ I'll be filling up the backlog over the next fortnight - please

Re: [b2g] Proposal: PasswordManager on FxOS

On Dec 10, 2013, at 6:58 PM, Frederik Braun wrote: > On 09.12.2013 16:59, Fabrice Desré wrote: >> On 12/09/2013 01:44 AM, Jan Jongboom wrote: >>> I don't really know what I want. Just the stuff that we have in FF for >>> Android? Are those extensions or user scripts? >> >> FF for Android has old

Re: [b2g] Consistent B2G release tagging

If nothing else, can we at least add a notes to each branch description on https://wiki.mozilla.org/Release_Management/B2G_Landing which describes what the latest/final tagged version is? That might be a simple and flexible solution? >

Re: [b2g] Removing

is not implemented on FxOS. > On 12 Sep 2015, at 11:52 am, Anders Rundgren > wrote: > > This is not only related to Firefox OS. > > Google and Mozilla is apparently planning to remove where Google's > position is that the classic x.509 use-case is invalid on the Web for > privacy, secur