On Wed, May 6, 2015 at 11:55 AM, Adam Roach <a...@mozilla.com> wrote:
> Keep in mind the thesis of that plan isn't that we restrict
> security-sensitive features to https -- it's that /all new stuff/ is
> restricted to https. If this falls under the definition of a "new feature,"
> and if it's going to be released after the embargo date, then the security
> properties of clipboard manipulation don't really enter into the evaluation.

This is perhaps a little early to be applying that rule, since we
haven't really gotten far with the discussion with other browser
vendors yet (though we've had some preliminary discussions).

I think that this is a great example of a feature that we could use to
test out the process for applying the policy.  Though I can understand
why there might be some resistance, we don't find out much if we don't
ask.

I'm going to propose that we at least raise the question with other
browsers about restricting this feature to secure contexts.  The
answer might help inform us on whether pursuing the deprecation plan
as outlined is feasible.  Like Anne, I think that the benefit is
tangible to HTTPS-only, even if it is small.

It would be a shame if the deprecation plan was spoiled simply because
features that were considered "too useful" got exemptions.  In this
case, I'd say timing would be a valid reason for an exemption.
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
