Re: Minutes, 16 February 2011 WebFonts WG telcon from Dave Crossland on 2011-02-20 (public-webfonts-wg@w3.org from February 2011)

From: Dave Crossland <dave@lab6.com>
Date: Sun, 20 Feb 2011 02:40:16 -0500
To: Maciej Stachowiak <mjs@apple.com>
Cc: public-webfonts-wg@w3.org
Message-ID: <AANLkTikfT5m2BcmiKtmPEzAz6VGW0Sx4XNJ0AhYLuW+p@mail.gmail.com>

On 20 February 2011 01:27, Maciej Stachowiak <mjs@apple.com> wrote:
> On Feb 19, 2011, at 10:18 PM, Dave Crossland wrote:
>
>> if the WOFF Recommendation mentions FO and says nothing
>> about CORS, that sounds good to me, and if it says nothing about FO or
>> CORS, its not meeting its charter to deal with SOR.
>
> If we want to finely parse the charter, here's what it actually says:
> ...
> So the Web Fonts charter does not make any mention of including
> a same-origin restriction in the WOFF format

Thank you for quoting the charter directly. I was going on,

>>> Vlad: Not a last call response, but important so this call is
>>>   dedicated to that
>>>   ... charter was approved with mention of SOR
>>>   ... could be done in WOFF spec or elsewhere but it needs to be
>>>   adressed somewhere

and the final clause, "[SOR] needs to be addressed somewhere," seems
to be the point of contention here, because since where

> it would be ungentlemanly to try to argue that it's out
> of charter for the WOFF spec itself to define linking restrictions.

and

> it also seems incorrect to argue that such restrictions have
> to be included to meet the charter.

and

> The charter never suggested such restrictions would be in the
> WOFF file format spec.
[1]

and CORS being off the table take us to is either WOFF with SOR being
addressed by FO or with SOR not being addressed.

Is CORS really totally off the table?

I get the impression that Vlad thinks CORS is still an option and
Maciej doesn't; I see hints that the heat CORS is giving off as it
breaches the web's atmosphere is likely to get hotter when the other
web technologists with even less care about the concerns represented
and considered by the WG members here take a look at it.

If CORS really is off the table, then I think we agree delays are bad news.

If we do nothing and leave CORS in WOFF, it will be challenged on the
way to REC, and add huge delays.

If we replace CORS with FO, this changes WOFF now, and adds huge
delays. A From-Origin WOFF (FOWOFF) would require waiting on other
WG's progress, and delay other WG already waiting on this one in turn,
that's bad. If FOWOFF pushes back the timeline on WOFF going to REC,
that will harm font vendors waiting for WOFF who don't care about SOR
and web publishers and web users who are waiting for those font
vendors to join the party.

If we remove CORS from WOFF, this changes WOFF now, and adds a small
delay, because then WOFF will proceed all the way to REC without
challenge.

Since it is clear to me that the WG was chartered to decide if or what
SOR turned out to be appropriate, and I think CORS is a genuinely bad
idea, then it seems best to me to now decide as a WG that addressing
SOR in WOFF is inappropriate in February 2011 and to go forwards on
schedule with With-Out From-Origin WOFF (WOFOWOFF).

As Maciej said, it's actually failing to take action promptly that
will create delay; we risk the cure being worse than the disease.

Cheers
Dave

[1] No, because restrictions in the WOFF file format spec make it a
DRM spec; the WOFF file format spec can reference SOR that is based
serverside, not clientside.

Received on Sunday, 20 February 2011 07:41:19 UTC