W3C home > Mailing lists > Public > public-webappsec@w3.org > December 2014

Re: snapshots in CfC Re: CfC: Publish a FPWD of "Requirements for Powerful Features"

From: Brad Hill <hillbrad@fb.com>
Date: Mon, 1 Dec 2014 17:20:40 +0000
To: "chaals@yandex-team.ru" <chaals@yandex-team.ru>, Mike West <mkwst@google.com>
CC: John Kemp <john@jkemp.net>, Mark Nottingham <mnot@mnot.net>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <D0A1E285.184C%hillbrad@fb.com>
Thanks for the feedback.  I'm inclined to err more on the side of "active" consensus on editorial matters for an FPWD or WD transition, so long as for an FPWD changes don't introduce significant changes that would expand the scope of the Call for Exclusions.

-Brad

From: "chaals@yandex-team.ru<mailto:chaals@yandex-team.ru>" <chaals@yandex-team.ru<mailto:chaals@yandex-team.ru>>
Date: Friday, November 28, 2014 at 8:18 AM
To: Mike West <mkwst@google.com<mailto:mkwst@google.com>>
Cc: John Kemp <john@jkemp.net<mailto:john@jkemp.net>>, Bradley Hill <hillbrad@fb.com<mailto:hillbrad@fb.com>>, Mark Nottingham <mnot@mnot.net<mailto:mnot@mnot.net>>, "public-webappsec@w3.org<mailto:public-webappsec@w3.org>" <public-webappsec@w3.org<mailto:public-webappsec@w3.org>>
Subject: Re: snapshots in CfC Re: CfC: Publish a FPWD of "Requirements for Powerful Features"



28.11.2014, 14:28, "Mike West" <mkwst@google.com<mailto:mkwst@google.com>>:
I take the general point; CfCs should be tied to specific documents, not whatever happens to be the last thing I uploaded. I'll ensure that happens next time I poke a the list for a formal measurement of consensus.

Yeah, that's great. Meanwhile let's make a mountain out of this molehill…

That said, tip-of-tree has some nice improvements over Monday's document, based on feedback from both you and Brad. I'm happy to put up a snapshot from Monday, but I'd prefer to publish a snapshot from today.

Works for me.

cheers

Perhaps we can chat about what makes sense on Monday's call.

-mike

--
Mike West <mkwst@google.com<mailto:mkwst@google.com>>
Google+: https://mkw.st/+<https://urldefense.proofpoint.com/v1/url?u=https://mkw.st/%2B&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=HU3cThGizwgsko8%2BWBMXZg%3D%3D%0A&m=JqdFiI3gNK7LFvJgPHgiqh6UtF9wP7Pd60S8oxQeqPI%3D%0A&s=9da930c0d9de3032f588e5ba724fe1420b2513872277aecdbc5ec56bfd10439d>, Twitter: @mikewest, Cell: +49 162 10 255 91

Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Geschäftsführer: Graham Law, Christine Elizabeth Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)

On Tue, Nov 25, 2014 at 5:54 PM, <chaals@yandex-team.ru<mailto:chaals@yandex-team.ru>> wrote:


25.11.2014, 18:13, "John Kemp" <john@jkemp.net<mailto:john@jkemp.net>>:
> Hi Chaals,
>
> On 11/25/2014 06:54 AM, chaals@yandex-team.ru<mailto:chaals@yandex-team.ru> wrote:
>>  TL;DR: Please go ahead.
>>  24.11.2014, 23:20, "Mike West" <mkwst@google.com<mailto:mkwst@google.com>>:
>>>  On Mon, Nov 24, 2014 at 9:00 PM, Brad Hill <hillbrad@fb.com<mailto:hillbrad@fb.com>
>>>  <mailto:hillbrad@fb.com<mailto:hillbrad@fb.com>>> wrote:
>>>
>>>      I've made a pull request to formalize the tone a bit.  Pending that or
>>>      similar updates by the editor, I support the publication of this
>>>      draft.
>>>
>>>  Thank you! I accepted the pull, cleaned up a few bits, and
>>>  republished: http://w3c.github.io/webappsec/specs/powerfulfeatures/<https://urldefense.proofpoint.com/v1/url?u=http://w3c.github.io/webappsec/specs/powerfulfeatures/&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=HU3cThGizwgsko8%2BWBMXZg%3D%3D%0A&m=JqdFiI3gNK7LFvJgPHgiqh6UtF9wP7Pd60S8oxQeqPI%3D%0A&s=c479776e2f6fd4010c1234cf43dd8aab7524959e5c5e6cf66cfb2ec47355cdde>
>>  It is really helpful in a call for consensus to have a URL to a
>>  snapshot.
>
> FWIW, you can review the commits made, individually if you so desire, by
> going to https://github.com/w3c/webappsec/commits/master


Sure. I did that and in this case it seems fine to me. But given a change of a few dozen lines, it is not always clear what a "consensus" is if it is determined by statements made about different documents at different times - it's generally easier to agree on something if everyone is agreeing on the same thing. For people on a differenc

>>  Consensus to publish "whatever was there when I looked" is
>>  actually seriously weakened if you can change what is there (this is
>>  security 101, right?).
>
> One thing that might improve the process is even for the spec editors to
> work in branches and issue Git pull requests back to master. The pull
> requests can be reviewed as a whole, or by looking at individual
> commits, prior to the reviewed pull request being merged to master.

It's simpler than that - in general, people can follow the entire history if they want to see each commit, or look at review drafts if they don't have that kind of time.

It's just a case of not mixing the two…

cheers

> - johnk
>>  That said, I think the changes I saw (up until about 15 minutes before I
>>  sent this mail) were helpful, and support publishing either way.
>>>  <http://w3c.github.io/webappsec/specs/powerfulfeatures/<https://urldefense.proofpoint.com/v1/url?u=http://w3c.github.io/webappsec/specs/powerfulfeatures/&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=HU3cThGizwgsko8%2BWBMXZg%3D%3D%0A&m=JqdFiI3gNK7LFvJgPHgiqh6UtF9wP7Pd60S8oxQeqPI%3D%0A&s=c479776e2f6fd4010c1234cf43dd8aab7524959e5c5e6cf66cfb2ec47355cdde>><http://w3c.github.io/webappsec/specs/powerfulfeatures/<https://urldefense.proofpoint.com/v1/url?u=http://w3c.github.io/webappsec/specs/powerfulfeatures/&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=HU3cThGizwgsko8%2BWBMXZg%3D%3D%0A&m=JqdFiI3gNK7LFvJgPHgiqh6UtF9wP7Pd60S8oxQeqPI%3D%0A&s=c479776e2f6fd4010c1234cf43dd8aab7524959e5c5e6cf66cfb2ec47355cdde>>
>>>  Regarding the issue #2 you added, 'blob:' has an origin, as does
>>>  'data:'. What clarification do you think is necessary in the algorithm
>>>  in order to resolve the issue?
>>  cheers
>>  Chaals
>>  --
>>  Charles McCathie Nevile - web standards - CTO Office, Yandex
>>  chaals@yandex-team.ru<mailto:chaals@yandex-team.ru> - - - Find more at http://yandex.com<https://urldefense.proofpoint.com/v1/url?u=http://yandex.com/&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=HU3cThGizwgsko8%2BWBMXZg%3D%3D%0A&m=JqdFiI3gNK7LFvJgPHgiqh6UtF9wP7Pd60S8oxQeqPI%3D%0A&s=1ade6cadeee2f0cfeda42bec9fe1adc3f9dd2da8fbbeeac8f765ef60ace29b9e>

--
Charles McCathie Nevile - web standards - CTO Office, Yandex
chaals@yandex-team.ru<mailto:chaals@yandex-team.ru> - - - Find more at http://yandex.com<https://urldefense.proofpoint.com/v1/url?u=http://yandex.com/&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=HU3cThGizwgsko8%2BWBMXZg%3D%3D%0A&m=JqdFiI3gNK7LFvJgPHgiqh6UtF9wP7Pd60S8oxQeqPI%3D%0A&s=1ade6cadeee2f0cfeda42bec9fe1adc3f9dd2da8fbbeeac8f765ef60ace29b9e>


--
Charles McCathie Nevile - web standards - CTO Office, Yandex
chaals@yandex-team.ru<mailto:chaals@yandex-team.ru> - - - Find more at http://yandex.com<https://urldefense.proofpoint.com/v1/url?u=http://yandex.com&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=HU3cThGizwgsko8%2BWBMXZg%3D%3D%0A&m=JqdFiI3gNK7LFvJgPHgiqh6UtF9wP7Pd60S8oxQeqPI%3D%0A&s=81cb5515e0b3140aa20494bfef6171be3032f8263fef35267ea41a3fff1fcc45>

Received on Monday, 1 December 2014 17:21:14 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:08 UTC