Re: [widgets] Comments on Widget Signature update (was RE: Widget Signature update)

2009-03-17 Thread Marcos Caceres
On 3/17/09, Frederick Hirsch wrote: > Marcos > > Rather than replicating this, which might be error prone and hard to > maintain, perhaps Widget Signature should reference P & C for this. > What do you think? > I think that should be fine. > regards, Frederick > > > On Mar 17, 2009, at 8:15 AM,

Re: [widgets] Comments on Widget Signature update (was RE: Widget Signature update)

2009-03-17 Thread Frederick Hirsch
Marcos Rather than replicating this, which might be error prone and hard to maintain, perhaps Widget Signature should reference P & C for this. What do you think? regards, Frederick On Mar 17, 2009, at 8:15 AM, ext Marcos Caceres wrote: Hi Frederick, On 3/17/09 1:01 PM, Frederick Hir

Re: [widgets] Comments on Widget Signature update (was RE: Widget Signature update)

2009-03-17 Thread Arthur Barstow
Marcos, Frederick, I should have asked Frederick to make the changes Marcos suggested below. Sorry about that! Anyhow, Frederick agreed to make the changes. -Regards, Art Barstow On Mar 17, 2009, at 8:44 AM, ext Marcos Caceres wrote: On 3/17/09 12:59 PM, Frederick Hirsch wrote: I alr

Re: [widgets] Comments on Widget Signature update (was RE: Widget Signature update)

2009-03-17 Thread Marcos Caceres
On 3/17/09 12:59 PM, Frederick Hirsch wrote: I already made this change :) to widget user agent. I think that should work... Sorry to be annoying, but we should be trying to architecturally design all the specs to behave as independently as possible (and eradicate the notion of an overall "

Re: [widgets] Comments on Widget Signature update (was RE: Widget Signature update)

2009-03-17 Thread Marcos Caceres
Hi Frederick, On 3/17/09 1:01 PM, Frederick Hirsch wrote: The latest draft includes the revised text from Thomas. Marcos, are you suggesting we add something more? It sounds like what you are saying here, is that it should be a valid widget file. Isn't that part of P&C checking? I'm not sure w

Re: [widgets] Comments on Widget Signature update (was RE: Widget Signature update)

2009-03-17 Thread Frederick Hirsch
I already made this change :) to widget user agent. I think that should work... On Mar 17, 2009, at 6:28 AM, ext Marcos Caceres wrote: On Thu, Mar 12, 2009 at 5:53 PM, Priestley, Mark, VF-Group wrote: --- Editorial comments --- General Te

Re: [widgets] Comments on Widget Signature update (was RE: Widget Signature update)

2009-03-17 Thread Frederick Hirsch
The latest draft includes the revised text from Thomas. Marcos, are you suggesting we add something more? It sounds like what you are saying here, is that it should be a valid widget file. Isn't that part of P&C checking? I'm not sure what it means to check that the paths are "as secure as

Re: [widgets] Comments on Widget Signature update (was RE: Widget Signature update)

2009-03-17 Thread Marcos Caceres
On Mon, Mar 16, 2009 at 12:17 PM, Thomas Roessler wrote: > I'd suggest this instead: > >> Implementations should be careful about trusting path components found in >> the zip archive:  Such path components might be interpreted by operating >> systems as pointing at security critical files outside

Re: [widgets] Comments on Widget Signature update (was RE: Widget Signature update)

2009-03-17 Thread Marcos Caceres
On Thu, Mar 12, 2009 at 6:27 PM, Marcin Hanclik wrote: > Hi Mark, > >>>"Implementations that store the content of widget archives to the file >system during signature verification MUST NOT trust any path components of >file names present in the archive, to avoid overwriting of arbitrary

Re: [widgets] Comments on Widget Signature update (was RE: Widget Signature update)

2009-03-17 Thread Marcos Caceres
On Thu, Mar 12, 2009 at 5:53 PM, Priestley, Mark, VF-Group wrote: > --- > Editorial comments > --- > > General Terminology > > "Widget agent", "widget platform", "application"? -> "widget user > agent"? Let's just use "user agent". I don't think we s

RE: [widgets] Comments on Widget Signature update (was RE: Widget Signature update)

2009-03-16 Thread Priestley, Mark, VF-Group
; ext Marcos Caceres; WebApps WG >Subject: Re: [widgets] Comments on Widget Signature update >(was RE: Widget Signature update) > >On 13 Mar 2009, at 15:50, Frederick Hirsch wrote: > >> Thanks for your review, I have some comments inline. Thomas, can you >> please review my

RE: [widgets] Comments on Widget Signature update (was RE: Widget Signature update)

2009-03-16 Thread Priestley, Mark, VF-Group
ey, Mark, VF-Group >Cc: Frederick Hirsch; ext Marcos Caceres; WebApps WG; Thomas Roessler >Subject: Re: [widgets] Comments on Widget Signature update >(was RE: Widget Signature update) > >Mark > >Thanks for your review, I have some comments inline. Thomas, >can you ple

Re: [widgets] Comments on Widget Signature update (was RE: Widget Signature update)

2009-03-16 Thread Thomas Roessler
On 13 Mar 2009, at 15:50, Frederick Hirsch wrote: Thanks for your review, I have some comments inline. Thomas, can you please review my proposed change to the security considerations text Mark mentioned? I believe that you mean this piece of text: "Implementations that store the content of

Re: [widgets] Comments on Widget Signature update (was RE: Widget Signature update)

2009-03-13 Thread Frederick Hirsch
Mark Thanks for your review, I have some comments inline. Thomas, can you please review my proposed change to the security considerations text Mark mentioned? Thanks regards, Frederick Frederick Hirsch Nokia On Mar 12, 2009, at 12:53 PM, ext Priestley, Mark, VF-Group wrote: Hi Frederic

RE: [widgets] Comments on Widget Signature update (was RE: Widget Signature update)

2009-03-12 Thread Marcin Hanclik
c-webapps-requ...@w3.org [mailto:public-webapps-requ...@w3.org] On Behalf Of Priestley, Mark, VF-Group Sent: Thursday, March 12, 2009 5:54 PM To: Frederick Hirsch; ext Marcos Caceres Cc: WebApps WG Subject: [widgets] Comments on Widget Signature update (was RE: Widget Signature update) Hi Fred

[widgets] Comments on Widget Signature update (was RE: Widget Signature update)

2009-03-12 Thread Priestley, Mark, VF-Group
Hi Frederick, All, Some comments on the updated specification but first let me again say thanks for doing a great job making all the changes! --- Substantive comments --- 3 "Implementers are encouraged to provide mechanisms to enable end-users to