On Tue, Jun 30, 2015 at 11:18 PM, Boris Zbarsky <bzbar...@mit.edu> wrote: > On 6/30/15 5:00 PM, Richard Barnes wrote: >> Second, when we implement new web platform features, they will be enabled >> only on secure contexts. > > Might I ask who this "we" is (I don't recall general DOM module owner buy-in > on this, but maybe I missed it?)
Platform. There was no strong opposition to the "Intent to deprecate: Insecure HTTP" thread and in Whistler everyone attending the deprecating non-secure HTTP session agreed. Do you think this needs to be approached differently? > what the definition of "new web platform > features" is (e.g. does the webperf translateTime thing count? Yes, anything for which Platform creates Intent to Implement/Ship threads. > What about > adding the performance timing APIs we already ship for Window to workers?), The idea is that you indicate in the Intent to Implement/Ship thread whether you want an exception to the secure context restriction. The module owner based on input from dev.platform then decides whether an exception is warranted. > and whether there's actually a stable definition of secure contexts that > everyone agrees on? There's a definition Google and us use to implement service workers. That definition has been fairly stable though there are some small issues to be sorted out. >> Exceptions can be granted > > Who makes that call? Based on what criteria? Module owners, based on dev.platform input to the Intent to Implement/Ship threads. No criteria were established. Hopefully something that can be learned over time. -- https://annevankesteren.nl/ _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform