On Sat, Jul 4, 2009 at 12:59 PM, Peter Kasting<pkast...@google.com> wrote:
> On Sat, Jul 4, 2009 at 9:57 AM, Ian Fette <i...@chromium.org> wrote:
>> There are a few people looking at doing this safely (including part of the
>> team in Tokyo). There are ideas on how to do this in a reasonably safe
>> manner and they are being explored. The security review is not "in progress"
>> - previous status was "Bad", there was work done to come up with ways to
>> address said concerns, and now work is being done to try to implement those
>> ideas - security review will happen again once those ideas are implemented.
>
> So did Mozilla just elect to ship Fx 3.5 with similar vulnerabilities, or
> are we vulnerable in ways they aren't, or are these not well-understood
> outside the Chromium community (which would surprise me)?
> I ask because "@font-face support" is one of the big talking points in the
> press for Fx 3.5. I assume that's the same feature.
Many apologies to those you following this discussion on chromium-dev,
but we can't answer this question publicly. Members of the Mozilla
security group should feel free to contact me or Ian privately if you
have similar questions.
Adam
--~--~---------~--~----~------------~-------~--~----~
Chromium Developers mailing list: chromium-dev@googlegroups.com
View archives, change email options, or unsubscribe:
http://groups.google.com/group/chromium-dev
-~----------~----~----~----~------~----~------~--~---
