
RE: [W3C Web Security IG] call for comments on Security Review Process and Security Guidelines

From: GALINDO Virginie <Virginie.Galindo@gemalto.com>
Date: Wed, 28 May 2014 17:11:16 +0000
To: Arthur Barstow <art.barstow@gmail.com>, "public-web-security@w3.org" <public-web-security@w3.org>, "runnegar@isoc.org" <runnegar@isoc.org>
Message-ID: <540E99C53248CE468F6F7702588ABA2AA48F80C5@A1GTOEMBXV003.gto.a3c.atos.net>
Art,
Good points, let me track those on a wiki page listing improvement requests [1].
Suggestions below.
Virginie
[1] https://www.w3.org/Security/wiki/IG/W3C_spec_review/improvments



** Question 1 : Has the group agreed to "track" reviews to facilitate Qs like "so, what is now being reviewed; when does the review for doc X end; who agreed to review doc X; where are the comments from the review of doc X; what were the results of the review" and such? I see there is an empty section in [1] that could include this type of data (or it might make sense to create a new page).
[virginie] We did not go into the details, but those are definitely details to track, in order to give a good overview of what is going on.

** Question 2 : Is the expectation the reviews will be done on this list? The TAG uses GH for its reviews [GH]. It also seems something like [specifiction] could be used.
[GH] <https://github.com/w3ctag/spec-reviews>
[specifiction] <http://discourse.specifiction.org/>

[virginie] I think it will be up to the reviewer team to decide what is more suitable to them (as tools should not be a barrier to reviews). The reviewing team could work on this list with a dedicated thread/subject, or with private interactions, or with GitHub. Yes, specifiction could be used too.

** Question 3 : How does PING conduct its spec reviews and track them (as it might make sense to use similar/identical methods)?
[virginie] Let's ping the PING! Christine?



> Regards,
>
> Virginie
>
> Gemalto
>
> Co-chair of Web Security IG
>
> [1] Security Review process
> http://www.w3.org/Security/wiki/IG/W3C_spec_review
>
> [2] Security Guidelines
> https://www.w3.org/Security/wiki/IG/W3C_spec_review/Security_Guidelines


________________________________
 This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.
Received on Wednesday, 28 May 2014 17:11:48 UTC
