//mash/....*.mojom need a security review |
||||||||||
Issue descriptionThese interfaces don't appear to have gone through security review. Marking ReleaseBlock-Stable to be on the safe side for now. I'm not actually sure what mash is, is this related to the mus+ash work?
,
May 14 2016
,
May 15 2016
Yes, mash is mus+ash work. I'm removing the release block stable as this work isn't shipping in the next release.
,
May 15 2016
OK, thanks for the clarification. To make sure I understand correctly, this also means that none of the mojo endpoints are currently exposed in a chrome binary?
,
May 16 2016
A chromeos gn build has the end points exposed, but we're not shipping that anywhere yet.
,
May 17 2016
,
Jul 6 2016
,
Jul 13 2016
,
Jul 18 2016
,
Aug 9 2016
I'm starting to take a look at this. Are there design documents for this somewhere? Unforunately, most of this is quite foreign to me, and I'd like to understand the relationships between the clients of these interfaces and their implementations (i.e. is the client less trusted than the service implementation? -- it's not very clear to me just looking at these interfaces)
,
Aug 9 2016
There is documentation on various parts of mus and mash here: https://drive.google.com/corp/drive/folders/0B8MZXOiSimBbbzhYT0RPdVRqU0k . Before tackling the mash interfaces make sure you read up on mus. Latest design doc for it is here: https://docs.google.com/document/d/17WIE1uA4LrC9mt15ZKBNleT8jtNowBQUl4gE1pmizUU/edit#heading=h.nb23z7tv692y .
,
Aug 10 2016
Removing from the security sheriff queue.
,
Mar 9 2018
Un-cc-ing me from all bugs on my final day. |
||||||||||
►
Sign in to add a comment |
||||||||||
Comment 1 by dcheng@chromium.org
, May 14 2016