Re: [filter-effects] shader security model from L. David Baron on 2013-03-06 (public-fx@w3.org from January to March 2013)

From: L. David Baron <dbaron@dbaron.org>
Date: Wed, 6 Mar 2013 11:35:54 -0800
To: Dirk Schulze <dschulze@adobe.com>
Cc: "www-svg@w3.org list" <www-svg@w3.org>, "bjacob@mozilla.com" <bjacob@mozilla.com>, "public-fx@w3.org" <public-fx@w3.org>
Message-ID: <20130306193554.GA27145@crum.dbaron.org>

On Wednesday 2013-03-06 11:26 -0800, Dirk Schulze wrote:
> 
> On Mar 6, 2013, at 11:23 AM, "L. David Baron" <dbaron@dbaron.org> wrote:
> 
> > On Wednesday 2013-03-06 11:00 -0800, Dirk Schulze wrote:
> >> I wanted to resolve on a new working draft not only because of the changes to custom filters, but more because of a lot of clarifications for the other filter primitives and shorthand filters. At this point I do not see shaders blocking the standardization process of the whole spec. Should people still be concerned about the implementation status of shaders later in the process, we can put shaders on the risk list before going to CR. It may go into the next level of Filter Effects at this point.
> >> 
> >> Do you disagree with this strategy?
> > 
> > Yes.
> > 
> > I think trying to postpone dealing with objections is a bad
> > strategy.
> 
> I would like to understand your concerns more. Your objection in the CSS WG meeting were mainly based on the security concerns that you had. I hope I could clarify this point.

My objection in the CSS WG meeting was based on the 10 seconds I had
to consider an agenda item that was raised at the last minute
(during the meeting), and was not carefully thought out.

I think the features that you're proposing to add rope in a large
new area of functionality that adds a lot of complexity to the Web
platform (pulling in additional file formats that define shaders).
I don't think there's consensus that the value of this functionality
matches the complexity it adds.

(Note that consensus requires not only lack of objection, it also
requires wide support.)

That said, I've only had a few minutes to think through *this*
response so I might say something else after longer consideration.

Discussions like this are the reason I would prefer to see the CSS
working group operate using asynchronous decision making, like many
other W3C working groups do.

-David

-- 
𝄞   L. David Baron                         http://dbaron.org/   𝄂
𝄢   Mozilla                           http://www.mozilla.org/   𝄂

Received on Wednesday, 6 March 2013 19:36:27 UTC