[Bug 17417] Define a security model for requesting access to the MIDIAccess interface from bugzilla@jessica.w3.org on 2012-12-13 (public-audio@w3.org from October to December 2012)

From: <bugzilla@jessica.w3.org>
Date: Thu, 13 Dec 2012 21:04:58 +0000
To: public-audio@w3.org
Message-ID: <bug-17417-5429-nu6JQTDOGx@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=17417

--- Comment #6 from Chris Wilson <cwilso@gmail.com> ---
(In reply to comment #5)
> I agree that the word should be "SHOULD". After all, it's the ideal, and
> "SHOULD" still isn't "MUST".

It's true, SHOULD isn't MUST - but I've become much less convinced there's a
real fingerprinting issue here, particularly since Java has had unprompted MIDI
support for a vary long time - and the exploits would be VERY uncommon and very
equipment-dependent.  I'm exploring internally with security folks to get their
sense, but I don't think that the UA SHOULD prompt the user in the default
case.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Received on Thursday, 13 December 2012 21:05:00 UTC