W3C home > Mailing lists > Public > public-w3process@w3.org > November 2014

Re: Require security review before FPWD

From: Jeff Jaffe <jeff@w3.org>
Date: Tue, 04 Nov 2014 09:25:41 -0500
Message-ID: <5458E1E5.3020608@w3.org>
To: GALINDO Virginie <Virginie.Galindo@gemalto.com>, "chaals@yandex-team.ru" <chaals@yandex-team.ru>, Karl Dubost <karl@la-grange.net>
CC: Anne van Kesteren <annevk@annevk.nl>, Philippe Le Hégaret <plh@w3.org>, public-w3process <public-w3process@w3.org>

On 11/4/2014 3:40 AM, GALINDO Virginie wrote:
> +1 for the guidelines,

Would the Security IG be the right place to develop those guidelines?

>   and security at early stage, w3c can not afford at the moment to have systematic security review, unless we recruit a larger security expert community.
> Virginie
>
> ---- Karl Dubost a écrit ----
>
> [....]
>> Do not make it part of the process.
>> On the other hand, publish a set of guidelines and how to implement them for reviewing security issues *when* editing a spec.
>>
>>
>> --
>> Karl Dubost 🐄
>> http://www.la-grange.net/karl/
> ________________________________
>   This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
> E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
> Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.
Received on Tuesday, 4 November 2014 14:26:03 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:35:12 UTC