There was a great deal of discussion on the project owners list about the upcoming Firefox 3 update security changes. After discussion with Dave Townsend, Mozdev was able to figure out that we don't need to enforce SSL downloads in order to have secure updates.

The secure updates discussion continued into a discussion of secure installations until Mook pointed us at InstallTrigger, which AMO uses for installations. This would allow for non-SSL downloads of the XPIs or JARs while verifying they came from a secure source. Mozdev will need to put some work into a download registration system, but this seems like a good solution that already has some weight behind it.

Most of my time this week was spent working on making Drupal work for Mozdev. Unfortunately I couldn't get it to work from selected URLs (such as /blog, /wiki, or /forums) but only from a single root (ie, /drupal and /drupal/blog, /drupal/wiki, or /drupal/forums). I've been experimenting with taxonomy, various modules, and configuring the many administrative options.

Drupal still seems like it will provide a good framework for providing blogs, wikis, forums, and perhaps other CMS services for Mozdev, so I'll be moving forward with setting up a test installation on our staging server and solicit help from Chris Neale for integrating into Mozdev's themes.