LGTM3
/Daniel
On 2022-01-14 13:58, Daniel Vogelheim wrote:
Hi all,
Hi Yoav,
Thanks for the feedback. I'd like to modify the intent timeline as
follows:
M99: Start showing a deprecation warning.
M99-105: Watch use counters + outreach to top-N users.
M105: Deprecate the feature by default.
Enabling/disabling will be via Finch, so we have an emergency shut-off.
An enterprise policy is already in place.
On Wed, Jan 12, 2022 at 6:45 PM Yoav Weiss <yoavwe...@chromium.org> wrote:
Hey Daniel!
While searching for this intent review, I stumbled upon
https://developer.chrome.com/blog/immutable-document-domain/
That's a useful piece of documentation! Thanks +Eiji Kitamura!!
This intent was just discussed at the API owner meeting (where
Chris, Rego, Daniel, Philip, Alex, MikeT and myself were present).
This change seems risky in terms of potential breakage when
looking at our stats, and that's even before talking about
enterprises, where a lot of the API owners feel the risk is even
higher.
Given that, here's a few potential next steps to try and reduce
that risk:
* UKM and outreach to specific large users of the API can maybe
help drive the usage down.
Will do. With Lutz' help I just checked the UKM we have on this, and
it seems the usage is quite heavily concentrated on large sites. The
top-quartile of remaining public usage is just 9 sites; top-half is
~35. We'll try to reach out to them.
* A deprecation period of 3 milestones feels a bit short here.
Is the expectation that turning on the opt-out header can be
done under that period?
As above, we'll happily go up on this.
My reasoning why 3 milestones would be reasonable was that there is a
"safe" opt-out. That is, if one wishes to preserve old behaviour, or
isn't sure, or just wants to postpone the issue, one can just add
'Origin-Agent-Cluster: ?0" and deal with it later. This is quite
different from e.g. CSP, where adding new CSP headers might require a
lot of work and testing.
* A report-only mode could have allowed sites to try and enable
this, without risking actual breakage for their
documents/properties that use document.domain. This is doubly
true for platforms that want to warn their customers about
this upcoming deprecation, but without taking risks on their
behalf. At the same time, it is true that they could collect
deprecation reports (thanks for adding those!) instead during
the deprecation period, which can be considered an
on-by-default report-only mode. Can y'all add specific
guidance on deprecation reports to the documentation?
We see the deprecation warning - without any behavioural changes - as
effectively being the report-only mode. We'll be more clear in the
documentation.
* It'd be helpful to reach out to enterprise folks and see what
their responses may be for this. +Greg Whitworth.
* This probably requires an Enterprise Policy, to reduce the
risk for managed installs. +bheenan@ for opinions on that front.
I agree, and an enterprise policy is already in place.
* Is there a plan to eventually remove the opt-out option? Or is
it the plan to have it in place permanently?
There is no plan. The current logic is relatively easy to maintain, so
we have not made any plan to remove the opt-out.
--
You received this message because you are subscribed to the Google Groups
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/adca72c4-1239-a0d8-0c77-bcb034d3ee13%40gmail.com.