- From: Sam Ruby <rubys@intertwingly.net>
- Date: Fri, 31 Oct 2014 10:35:45 -0700
- To: public-w3process@w3.org
On 10/30/14 10:17 AM, Anne van Kesteren wrote: > Without due security review implementers end up implementing drafts > and then we cannot fix the broken security and privacy > characteristics. > > See e.g. https://www.w3.org/Bugs/Public/show_bug.cgi?id=26332#128 and > the rest of that thread for how hard it is to do this > post-publication. > > Requiring TLS for an API is something that should be considered very early on. Possible exception: if an editor or working group decides to split out a portion of a spec into a separate spec, I would hope that that could be done without triggering undue process implications. - Sam Ruby
Received on Friday, 31 October 2014 17:36:14 UTC