On Friday 2015-01-30 08:54 -0800, Daniel Veditz wrote: > On Thu, Jan 29, 2015 at 10:32 PM, L. David Baron <dba...@dbaron.org> wrote: > > > There are a number of problematic aspects to this charter to which > > we object: > > > > (1) The "Confinement with Origin Web Labels" deliverable is described > > in a way that makes it unclear what the deliverable would do. It > > should be clearer. Furthermore, the lack of clarity means we > > couldn't evaluate whether we are comfortable with it being in the > > charter. > > > > (2) The "Entry Point Regulation for Web Applications" deliverable seems > > to have serious risks of breaking the ability to link. It's not > > clear that the security benefits of this specification outweigh the > > risks to the abilities of Web users. > > > > If something is in the charter and there's an initial draft spec, that > doesn't mean the final spec will be the same or that the WG has to > ultimately approve the spec at all, does it? Both of these ideas are > promising attempts to address particular security issues that are prevalent > on the web. They also both raise issues that may or may not be addressable > as the WG refines the specs. As long as we can object to the final specs if > they go off the rails these concepts are worth exploring.
Regarding (1), it sounds like you know what it is and perhaps could explain it? Regarding (2), does it make sense for the charter to say that it's a potential deliverable, but that the working group may choose not to proceed depending on tradeoffs? -David -- 𝄞 L. David Baron http://dbaron.org/ 𝄂 𝄢 Mozilla https://www.mozilla.org/ 𝄂 Before I built a wall I'd ask to know What I was walling in or walling out, And to whom I was like to give offense. - Robert Frost, Mending Wall (1914)
signature.asc
Description: Digital signature
_______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
