Another good reason for blocking this for now is that it lets JavaScript
circumvent the 5usec granularity of performance.now() and do things like
stealing private keys.

https://www.w3.org/TR/hr-time/#privacy-security
http://iss.oy.ne.ro/SpyInTheSandbox.pdf
https://bugzilla.mozilla.org/show_bug.cgi?id=1252035#c9

We must not turn this on by default in any branch other than Nightly until
we can assure that the 5usec boundary will be maintained.

--Richard


On Fri, Jan 15, 2016 at 12:10 AM, Lars Hansen <lhan...@mozilla.com> wrote:

> It's not enabled by default because the API is probably not fully baked
> yet; until the spec reaches Stage 3 at TC39 we should expect things to be
> fluid.  I don't expect that milestone to be reached until this summer.
>
> We've discussed enabling by default on Aurora, DevEd, and Beta once we
> reach Stage 2 at TC39, but I don't own that decision, can't guarantee it,
> and might even argue that it would be better to wait a couple of months
> after reaching Stage 2, which is when the spec gets serious attention from
> the committee.
>
> Google has what I understand to be a compatible implementation of the
> current spec, also available behind a pref (actually behind two of them
> last I heard).
>
> --lars
>
>
> On Thu, Jan 14, 2016 at 10:24 PM, Robert O'Callahan <rob...@ocallahan.org>
> wrote:
>
> > Sounds good to me too. What's blocking us from enabling by default?
> >
> > Rob
> _______________________________________________
> dev-platform mailing list
> dev-platform@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-platform
>