W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > October to December 2005

[Bug 184] Section 19.8 added with no open issue nor WG consensus

From: <bugzilla@soe.ucsc.edu>
Date: Fri, 30 Dec 2005 10:59:57 -0800
Message-Id: <200512301859.jBUIxvt5015058@ietf.cse.ucsc.edu>
To: w3c-dist-auth@w3.org

http://ietf.cse.ucsc.edu:8080/bugzilla/show_bug.cgi?id=184

lisa@osafoundation.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID



------- Additional Comments From lisa@osafoundation.org  2005-12-30 10:59 -------
This bug is a process objection, not a spec issue. If there's a problem with the
text or a proposal that it be removed, please change the bug summary/description
or enter a new bug and describe what the problem with the text is.

For the record, the section added is "Hosting malicious scripts executed on
client machines".  This is a security consideration that has actually come up in
the field, as reported to me by Barry Lind of Xythos a few months ago.  Some
schools deploying WebDAV servers have also deployed filters or disallowed
certain content types as they've figured out this security risk on their own.  I
can ask that Barry send his mail to the list but I think it's pretty obvious
from the text in recent drafts what Barry's proposal was.  



------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
Received on Friday, 30 December 2005 19:00:05 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:44:12 GMT