On Nov 2, 2007, at 2:40 PM, Yuh-Ruey Chen wrote:
Lastly, all this accusations concerning intentions need to stop.
In the absence of technical arguments, these are inevitable.
Mozilla, this concerns you too - I find that saying you won't let big
bully MS block ES4 is somewhat hypocritical, co
As far as I can see it, there are a couple of non-technical issues here
that have to be resolved, but they all boil down to who is willing to
implement what. Is there truly no way to compromise?
MS says that they think ES4 deserves to a be a new language. Suppose
that is true and ES4 is renamed, s
On Oct 30, 2007, at 6:14 PM, Brendan Eich wrote:
> ES4 provides const, fixed typename bindings, lexical scope (let),
> program units, and optional static type checking -- all of which
> *do* make ES4 code easier to analyze and instrument to enforce
> security properties.
I left out the intr
On Oct 30, 2007, at 6:45 PM, Ric Johnson wrote:
> Doug is correct: as a product manager, it is bad to add more
> features: it
> increases our risks with reduced ROI
I sympathize with the concern behind this statement, but I would
argue its analysis is incomplete on the following grounds:
1)
On Oct 30, 2007, at 7:02 PM, Ric Johnson wrote:
> On 10/31/2007, "Brendan Eich" <[EMAIL PROTECTED]> wrote:
>
>> Sure, but you have now argued in a circle. If the script tag handler,
>> upon seeing
On 10/31/2007, "Brendan Eich" <[EMAIL PROTECTED]> wrote:
>
>Sure, but you have now argued in a circle. If the script tag handler,
>upon seeing
On Oct 30, 2007, at 5:36 PM, Ric Johnson wrote:
> On 10/31/2007, "Brendan Eich" <[EMAIL PROTECTED]> wrote:
>
>> http://wiki.ecmascript.org/doku.php?id=proposals:versioning
>
> Brendan,
>
> I know that a version string may help us avoid incompatibilities,
> however
> I am also cognizant that this
On Oct 30, 2007, at 5:03 PM, Douglas Crockford wrote:
Brenden is also correct: If the working group voted and
the current
proposal won - it is better to have a stronger, more secure
language.
Sure they can argue it is bloated, but SO WHAT?
The proposal is not a more secure language. It does n
On 31/10/2007, Ric Johnson <[EMAIL PROTECTED]> wrote:
> I still am missing something. If someone could somehow prove that ES4 is
> flawed, do we have actually have a chance to fix it before it is burned
> over my childhood memories? How do we do that? Do I need to draw up a
> diagram comparing s
Douglas Crockford wrote:
> The proposal is not a more secure language. It does nothing to address
> ECMAScript's biggest design flaw: the insecurity caused its dependence on a
> global object. XSS attacks are a direct consequence of this flaw. By making
> the language more complex, this proble
On 10/31/2007, "Brendan Eich" <[EMAIL PROTECTED]> wrote:
>On Oct 30, 2007, at 3:59 PM, Yehuda Katz wrote:
>
>> I would specifically like to hear a realistic technical scenario
>> where the implementation of ES4 produces serious complications in
>> the open web.
>
>Me too. Here's one analysis of ho
Douglas,
Thank you! I asked for a clear message, and you gave me one!
Don't we need the global object to be compatible?
Can you point to a suggestion of what use mere mortals may do to
influence the proposals? (Other than this on this list)
We may all agree that 'bloat' is bad. We might not al
Doug,
Yes, I think the time has come to table the ES3+ materials.
It has been discussed on and off since April. Do you have something
that describes this proposal in a material way?
How can people evaluate ES4 vs ES3+ if ES3+ is unknown and unspecified?
Michael
Yehuda Katz wrote:
Doug,
Doug,
What specifically would you do in ES3+ to improve this situation?
-- Yehuda
On 10/30/07, Douglas Crockford <[EMAIL PROTECTED]> wrote:
>
> > Brenden is also correct: If the working group voted and
> > the current
> > proposal won - it is better to have a stronger, more secure
> > language.
On Oct 30, 2007, at 3:59 PM, Yehuda Katz wrote:
> I would specifically like to hear a realistic technical scenario
> where the implementation of ES4 produces serious complications in
> the open web.
Me too. Here's one analysis of how ES4 might break existing scripts:
* New keywords and synta
> Brenden is also correct: If the working group voted and
> the current
> proposal won - it is better to have a stronger, more secure
> language.
> Sure they can argue it is bloated, but SO WHAT?
The proposal is not a more secure language. It does nothing to address
ECMAScript's biggest design
>* Ric Johnson: "However, Doug did strike a chord when he said 'the
>ghost of Netscape'".
>
>Was Ric quoting you accurately, and if so, what did you mean?
I stand by this one.
>
>* Ric Johnson again: "There are A LOT of accusations of backroom
>deals being made"
However, it was NOT Doug that cla
Thank you all for keeping this thread alive, despite all the flamz,
I still am missing something. If someone could somehow prove that ES4 is
flawed, do we have actually have a chance to fix it before it is burned
over my childhood memories? How do we do that? Do I need to draw up a
diagram comp
On Oct 30, 2007, at 3:09 PM, Douglas Crockford wrote:
Doug Crockford made some statements about TG1 members and motives.
The speculations about motives were made by others on this list,
not by me.
Yeah, you have said little on this list, but somewhat more at that
panel at TAE Boston. I w
There's a difference between meeting minutes of the WG and the discussions
that need to occur now in the development community. If ES4 is to succeed, a
chunk of the development community needs to get behind it (and at least not
be actively opposed to it). The insider baseball that's been occurring
On 10/30/07, Douglas Crockford <[EMAIL PROTECTED]> wrote:
>
> It has serious consequences that should be discussed.
Well, it looks like there are two years of meeting minutes on the
wiki. Do the details of these consequences appear anywhere in the
minutes? If not, now is the time to get very speci
Doug,
I appreciated your comments at the end of the debate about people reading
the white-paper. It was very courteous. That said, you did imply that the WG
was split, by mentioning two members in support and two opposed.
Your comments to me after the presentation about back-compatibility were
int
> Doug Crockford made some statements about TG1 members and motives.
The speculations about motives were made by others on this list, not by me.
In answer to a question from Brent Ashley, I said that the working group was
not in consensus, a fact which would have been apparent to any keen obse
23 matches
Mail list logo
