Re: Require security review before FPWD

On Nov 3, 2014, at 10:57 , Anne van Kesteren <annevk@annevk.nl> wrote:

>> What we are trying to achieve is that by the time of Rec publication, the appropriate
>> reviews have been done and the issues they raised resolved, not that the issues
>> be raised at a particular stage.
> 
> You are missing the point. E.g. Apple ships EME today without
> requiring TLS. This constrains the options of the WG and gives
> reviewers the feeling they never really had any input into the process
> at all.
> 
> W3C Recommendation is not an actual constraint. Content that depends
> upon multiple shipping implementations is what constrains web
> standards development.

OK, I slipped into old-speak.  Maybe because I am.

By the time the w3c indicates that something is implementable, i.e. that implementations start occurring and hence security/accessibility/privacy/i18nability issues actually hit people, we should be clear that the appropriate reviews have been done, not that they were done explicitly at FPWD or at any other particular named stage.

All I am doing is pushing back on the ‘must be done at FPWD’ and saying that they must be done before people get hurt (or we have to make incompatible changes to the spec.)


David Singer
Manager, Software Standards, Apple Inc.

Received on Monday, 3 November 2014 11:28:13 UTC