[Bug 26332] Applications should only use EME APIs on secure origins (e.g. HTTPS) from bugzilla@jessica.w3.org on 2014-08-20 (public-html-bugzilla@w3.org from August 2014)

From: <bugzilla@jessica.w3.org>
Date: Wed, 20 Aug 2014 00:04:36 +0000
To: public-html-bugzilla@w3.org
Message-ID: <bug-26332-2486-uMg3xXdUUh@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=26332

--- Comment #44 from Mark Watson <watsonm@netflix.com> ---
(In reply to David Dorwin from comment #43)
> (In reply to Mark Watson from comment #40)
> > (In reply to David Dorwin from comment #36)

> 
> Reiterating what Ryan said, the concern is not necessarily about "rogue
> CDMS", it is about limiting the damage that is possible when exposing a CDM
> that uses permanent identifiers, is not fully sandboxed, etc.

So why not apply the restriction only to such CDMs ? Why should the restriction
apply to CDMs that do not expose permanent identifiers and/or are fully
sandboxed ?

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Wednesday, 20 August 2014 00:04:38 UTC