W3C home > Mailing lists > Public > public-w3process@w3.org > October 2014

Re: Require security review before FPWD

From: Sam Ruby <rubys@intertwingly.net>
Date: Fri, 31 Oct 2014 10:35:45 -0700
Message-ID: <5453C871.9000404@intertwingly.net>
To: public-w3process@w3.org
On 10/30/14 10:17 AM, Anne van Kesteren wrote:
> Without due security review implementers end up implementing drafts
> and then we cannot fix the broken security and privacy
> characteristics.
>
> See e.g. https://www.w3.org/Bugs/Public/show_bug.cgi?id=26332#128 and
> the rest of that thread for how hard it is to do this
> post-publication.
>
> Requiring TLS for an API is something that should be considered very early on.

Possible exception: if an editor or working group decides to split out a 
portion of a spec into a separate spec, I would hope that that could be 
done without triggering undue process implications.

- Sam Ruby
Received on Friday, 31 October 2014 17:36:14 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:35:12 UTC