W3C home > Mailing lists > Public > public-web-security@w3.org > August 2011

Re: CORS/UMP to become joint WebApps and WebAppSec joint deliverable

From: Maciej Stachowiak <mjs@apple.com>
Date: Tue, 02 Aug 2011 22:48:38 -0700
Cc: Thomas Roessler <tlr@w3.org>, public-webapps <public-webapps@w3.org>, public-web-security <public-web-security@w3.org>, Arthur Barstow <art.barstow@nokia.com>
Message-id: <21F4D65F-66B8-47DA-9EFE-915FBA510C29@apple.com>
To: Anne van Kesteren <annevk@opera.com>

On Aug 2, 2011, at 4:10 AM, Anne van Kesteren wrote:

> On Tue, 02 Aug 2011 12:53:49 +0200, Thomas Roessler <tlr@w3.org> wrote:
>> Well, groups can decide to stop working on a deliverable without having to recharter; further, we've had separate groups work on joint deliverables in the past.  In practical terms, the minimum that webapps needs to do is to give its consent to publication and transition decisions; that can easily be done through a call for consensus.  I trust that Art will help to nudge discussions over to the WebAppSec group.
>> 
>> None of that requires charter language beyond what's there already, and none of it requires a rechartering of webapps.
> 
> Can we at least make it so that public-webapps@w3.org stays the list for technical discussion on CORS? We already switched mailing lists once (twice if you count going from the initial proposal on public-webapi@w3.org to public-appformats@w3.org) and I would like to avoid doing it again. Getting feedback is hard enough as it is, requiring all relevant people to subscribe to yet another list would be bad.
> 
> If that is not possible I think I would prefer CORS and From-Origin to stay in the WebApps WG.

At Apple we have a somewhat lengthy internal process for joining new Working Groups, so if feedback has to go to a new WG's list, you will likely miss out on Apple feedback for at least a few months.

In addition to this, I'd personally prefer to have discussion remain on public-webapps because we've managed to gather all the stakeholders here, and gathering them again will just add disruption and delay. Perhaps WebAppSec could be focused on new deliverables instead of taking over a deliverable that is relatively on track as it is. This could include a hypothetical CORS 2, or even production of the CORS test suite.

Regards,
Maciej
Received on Wednesday, 3 August 2011 05:51:10 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 3 August 2011 05:51:11 GMT