On Tue, Jun 30, 2015 at 11:18 PM, Boris Zbarsky <bzbar...@mit.edu> wrote:
> On 6/30/15 5:00 PM, Richard Barnes wrote:
>> Second, when we implement new web platform features, they will be enabled
>> only on secure contexts.
>
> Might I ask who this "we" is (I don't recall general DOM module owner buy-in
> on this, but maybe I missed it?)

Platform. There was no strong opposition to the "Intent to deprecate:
Insecure HTTP" thread and in Whistler everyone attending the
deprecating non-secure HTTP session agreed. Do you think this needs to
be approached differently?


> what the definition of "new web platform
> features" is (e.g. does the webperf translateTime thing count?

Yes, anything for which Platform creates Intent to Implement/Ship threads.


> What about
> adding the performance timing APIs we already ship for Window to workers?),

The idea is that you indicate in the Intent to Implement/Ship thread
whether you want an exception to the secure context restriction. The
module owner based on input from dev.platform then decides whether an
exception is warranted.


> and whether there's actually a stable definition of secure contexts that
> everyone agrees on?

There's a definition Google and us use to implement service workers.
That definition has been fairly stable though there are some small
issues to be sorted out.


>> Exceptions can be granted
>
> Who makes that call?  Based on what criteria?

Module owners, based on dev.platform input to the Intent to
Implement/Ship threads. No criteria were established. Hopefully
something that can be learned over time.


-- 
https://annevankesteren.nl/
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform

Reply via email to