[Bug 26332] Applications should only use EME APIs on secure origins (e.g. HTTPS) from bugzilla@jessica.w3.org on 2014-10-24 (public-html-bugzilla@w3.org from October 2014)

From: <bugzilla@jessica.w3.org>
Date: Fri, 24 Oct 2014 22:28:24 +0000
To: public-html-bugzilla@w3.org
Message-ID: <bug-26332-2486-W8Wve0Z5PV@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=26332

--- Comment #102 from Glenn Adams <glenn@skynav.com> ---
(In reply to David Dorwin from comment #101)
> (In reply to Glenn Adams from comment #100)
> > (In reply to David Dorwin from comment #97)
> > > This one-line change does not prevent collaboration, but it does fix a
> > > security and privacy problem with the spec and bring it inline with the
> > > TAG's direction, which in turn brings it closer to moving forward in the
> > > spec process.
> > 
> > The TAG's input is just input. It doesn't mean that we must follow it. Given
> > the significant opposition to the "one line change", it would be best to
> > remove it until there is WG consensus on how to proceed. As editor, you
> > serve at the behest of the WG.
> 
> The significant opposition is from a few people and is not necessarily
> representative of the WG.

It is certainly representative of the majority of the TF members.

> There has also been strong support for such a
> change.
> 
> I considered input from the TAG, WG, and other W3C members and updated the
> text in the Editor's Draft. This is consistent with the HTML WG's Real Work
> Modes (https://www.w3.org/wiki/HTML/wg/WorkMode#Editors). WG consensus will
> not be required unless/until the WG formally publishes the specification as
> a Last Call Working Draft. Hopefully we can address some of the concerns
> before then.
> 
> 
> I committed https://dvcs.w3.org/hg/html-media/rev/be9998cf708c to add an
> issue box referencing this bug and the open questions.

That is not adequate. Please remove the text from step 3:

If the origin of the calling context's Document is not an authenticated origin
[MIXED-CONTENT], return a promise rejected with a new DOMException whose name
is NotSupportedError.

If you want, you can replace it with "[TBD]" and the removed text to the Issue,
with the preceding remark: "The editor proposes adding ...".

If you cannot do this, then I will be happy to submit a formal process
objection to the chair.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Friday, 24 October 2014 22:28:26 UTC