Re: PING review issues tracker (was: Re: Cross-Spec Privacy/Security Risks)

On Mon, Jan 25, 2021 at 1:48 PM Samuel Weiler <weiler@w3.org> wrote:
>
> On 1/21/21 1:31 PM, Matthew Finkel wrote:
> > Hi,
> >
> > Is there a way to see all of the identified privacy and security risks
> > from all web specs in a single place? Maybe in a nice and readable
> > table?
> >
> > While I was reviewing the new CSS drafts I wondered if there was a way
> > I could see how risks (new fingerprinting vector or information
> > leakage) in the draft would interact with other identified
> > risks/leakage previously identified in other specs.
>
> YES!
>
> This page shows _open_ privacy review issues:
>
> https://w3c.github.io/horizontal-issue-tracker/?repo=w3cping/tracking-issues

Ah! Thank you, Sam! This isn't what I was imagining, but I think it's better in
some ways. Is there any place where PING tracks privacy risks/considerations
that are flagged in the spec but a tracking issue is not created? For example, a
draft already says that some new functionality could be incorporated into a
browser fingerprint, but an issue is not created for it, for whatever reason?

Thanks!
Matt

>
> There is a link at the top of that page to the GitHub repo that feeds
> the tool:
>
> https://github.com/w3cping/tracking-issues/issues
>
> You can search this issues list in the usual GitHub ways, including the
> _closed_ issues.  Most issues have a GitHub "s:" label pointing at the
> "short name" of the spec.
>
> Security issues are tracked in a parallel repository and displayed using
> the same tool - the link to the security tracker is in the left-hand
> column of the tool:
>
> https://w3c.github.io/horizontal-issue-tracker/?repo=w3c/security-review
> https://github.com/w3c/security-review/issues
>
> Lastly, these issues are generally created by a tool scanning W3C GitHub
> repos for the *-tracker and *-needs-resolution labels - we typically
> create the substantive issues in WG's own repos then let the tool create
> these tracking issues.
>
> I'm happy to answer questions as you have them.
>
> -- Sam
>

Received on Tuesday, 26 January 2021 19:02:28 UTC