Re: Es4-discuss Digest, Vol 8, Issue 44

2007-11-02 Thread Brendan Eich
On Nov 2, 2007, at 2:40 PM, Yuh-Ruey Chen wrote: Lastly, all this accusations concerning intentions need to stop. In the absence of technical arguments, these are inevitable. Mozilla, this concerns you too - I find that saying you won't let big bully MS block ES4 is somewhat hypocritical, co

Re: Es4-discuss Digest, Vol 8, Issue 44

2007-11-02 Thread Yuh-Ruey Chen
As far as I can see it, there are a couple of non-technical issues here that have to be resolved, but they all boil down to who is willing to implement what. Is there truly no way to compromise? MS says that they think ES4 deserves to a be a new language. Suppose that is true and ES4 is renamed, s

What have we done about the mutable global object? (was Re: Es4-discuss Digest, Vol 8, Issue 44)

2007-10-30 Thread Brendan Eich
On Oct 30, 2007, at 6:14 PM, Brendan Eich wrote: > ES4 provides const, fixed typename bindings, lexical scope (let), > program units, and optional static type checking -- all of which > *do* make ES4 code easier to analyze and instrument to enforce > security properties. I left out the intr

Re: Es4-discuss Digest, Vol 8, Issue 44

2007-10-30 Thread Neil Mix
On Oct 30, 2007, at 6:45 PM, Ric Johnson wrote: > Doug is correct: as a product manager, it is bad to add more > features: it > increases our risks with reduced ROI I sympathize with the concern behind this statement, but I would argue its analysis is incomplete on the following grounds: 1)

Re: Es4-discuss Digest, Vol 8, Issue 44

2007-10-30 Thread Brendan Eich
On Oct 30, 2007, at 7:02 PM, Ric Johnson wrote: > On 10/31/2007, "Brendan Eich" <[EMAIL PROTECTED]> wrote: > >> Sure, but you have now argued in a circle. If the script tag handler, >> upon seeing

Re: Es4-discuss Digest, Vol 8, Issue 44

2007-10-30 Thread Ric Johnson
On 10/31/2007, "Brendan Eich" <[EMAIL PROTECTED]> wrote: > >Sure, but you have now argued in a circle. If the script tag handler, >upon seeing

Re: Es4-discuss Digest, Vol 8, Issue 44

2007-10-30 Thread Brendan Eich
On Oct 30, 2007, at 5:36 PM, Ric Johnson wrote: > On 10/31/2007, "Brendan Eich" <[EMAIL PROTECTED]> wrote: > >> http://wiki.ecmascript.org/doku.php?id=proposals:versioning > > Brendan, > > I know that a version string may help us avoid incompatibilities, > however > I am also cognizant that this

Re: Es4-discuss Digest, Vol 8, Issue 44

2007-10-30 Thread Brendan Eich
On Oct 30, 2007, at 5:03 PM, Douglas Crockford wrote: Brenden is also correct: If the working group voted and the current proposal won - it is better to have a stronger, more secure language. Sure they can argue it is bloated, but SO WHAT? The proposal is not a more secure language. It does n

Re: Es4-discuss Digest, Vol 8, Issue 44

2007-10-30 Thread liorean
On 31/10/2007, Ric Johnson <[EMAIL PROTECTED]> wrote: > I still am missing something. If someone could somehow prove that ES4 is > flawed, do we have actually have a chance to fix it before it is burned > over my childhood memories? How do we do that? Do I need to draw up a > diagram comparing s

Re: Es4-discuss Digest, Vol 8, Issue 44

2007-10-30 Thread Graydon Hoare
Douglas Crockford wrote: > The proposal is not a more secure language. It does nothing to address > ECMAScript's biggest design flaw: the insecurity caused its dependence on a > global object. XSS attacks are a direct consequence of this flaw. By making > the language more complex, this proble

Re: Es4-discuss Digest, Vol 8, Issue 44

2007-10-30 Thread Ric Johnson
On 10/31/2007, "Brendan Eich" <[EMAIL PROTECTED]> wrote: >On Oct 30, 2007, at 3:59 PM, Yehuda Katz wrote: > >> I would specifically like to hear a realistic technical scenario >> where the implementation of ES4 produces serious complications in >> the open web. > >Me too. Here's one analysis of ho

Re: Es4-discuss Digest, Vol 8, Issue 44

2007-10-30 Thread Ric Johnson
Douglas, Thank you! I asked for a clear message, and you gave me one! Don't we need the global object to be compatible? Can you point to a suggestion of what use mere mortals may do to influence the proposals? (Other than this on this list) We may all agree that 'bloat' is bad. We might not al

Re: Es4-discuss Digest, Vol 8, Issue 44

2007-10-30 Thread Michael O'Brien
Doug, Yes, I think the time has come to table the ES3+ materials. It has been discussed on and off since April. Do you have something that describes this proposal in a material way? How can people evaluate ES4 vs ES3+ if ES3+ is unknown and unspecified? Michael Yehuda Katz wrote: Doug,

Re: Es4-discuss Digest, Vol 8, Issue 44

2007-10-30 Thread Yehuda Katz
Doug, What specifically would you do in ES3+ to improve this situation? -- Yehuda On 10/30/07, Douglas Crockford <[EMAIL PROTECTED]> wrote: > > > Brenden is also correct: If the working group voted and > > the current > > proposal won - it is better to have a stronger, more secure > > language.

Re: Es4-discuss Digest, Vol 8, Issue 44

2007-10-30 Thread Brendan Eich
On Oct 30, 2007, at 3:59 PM, Yehuda Katz wrote: > I would specifically like to hear a realistic technical scenario > where the implementation of ES4 produces serious complications in > the open web. Me too. Here's one analysis of how ES4 might break existing scripts: * New keywords and synta

Re: Es4-discuss Digest, Vol 8, Issue 44

2007-10-30 Thread Douglas Crockford
> Brenden is also correct: If the working group voted and > the current > proposal won - it is better to have a stronger, more secure > language. > Sure they can argue it is bloated, but SO WHAT? The proposal is not a more secure language. It does nothing to address ECMAScript's biggest design

Re: Es4-discuss Digest, Vol 8, Issue 44

2007-10-30 Thread Ric Johnson
>* Ric Johnson: "However, Doug did strike a chord when he said 'the >ghost of Netscape'". > >Was Ric quoting you accurately, and if so, what did you mean? I stand by this one. > >* Ric Johnson again: "There are A LOT of accusations of backroom >deals being made" However, it was NOT Doug that cla

Re: Es4-discuss Digest, Vol 8, Issue 44

2007-10-30 Thread Ric Johnson
Thank you all for keeping this thread alive, despite all the flamz, I still am missing something. If someone could somehow prove that ES4 is flawed, do we have actually have a chance to fix it before it is burned over my childhood memories? How do we do that? Do I need to draw up a diagram comp

Re: Es4-discuss Digest, Vol 8, Issue 44

2007-10-30 Thread Brendan Eich
On Oct 30, 2007, at 3:09 PM, Douglas Crockford wrote: Doug Crockford made some statements about TG1 members and motives. The speculations about motives were made by others on this list, not by me. Yeah, you have said little on this list, but somewhat more at that panel at TAE Boston. I w

Re: Es4-discuss Digest, Vol 8, Issue 44

2007-10-30 Thread Yehuda Katz
There's a difference between meeting minutes of the WG and the discussions that need to occur now in the development community. If ES4 is to succeed, a chunk of the development community needs to get behind it (and at least not be actively opposed to it). The insider baseball that's been occurring

Re: Es4-discuss Digest, Vol 8, Issue 44

2007-10-30 Thread Robert Sayre
On 10/30/07, Douglas Crockford <[EMAIL PROTECTED]> wrote: > > It has serious consequences that should be discussed. Well, it looks like there are two years of meeting minutes on the wiki. Do the details of these consequences appear anywhere in the minutes? If not, now is the time to get very speci

Re: Es4-discuss Digest, Vol 8, Issue 44

2007-10-30 Thread Yehuda Katz
Doug, I appreciated your comments at the end of the debate about people reading the white-paper. It was very courteous. That said, you did imply that the WG was split, by mentioning two members in support and two opposed. Your comments to me after the presentation about back-compatibility were int

Re: Es4-discuss Digest, Vol 8, Issue 44

2007-10-30 Thread Douglas Crockford
> Doug Crockford made some statements about TG1 members and motives. The speculations about motives were made by others on this list, not by me. In answer to a question from Brent Ashley, I said that the working group was not in consensus, a fact which would have been apparent to any keen obse