Removing trolls and off-topic conversation from Web Security IG? [was Re: A Somewhat Critical View of SOP (Same Origin Policy)] from Harry Halpin on 2015-09-23 (public-web-security@w3.org from September 2015)

From: Harry Halpin <hhalpin@w3.org>
Date: Wed, 23 Sep 2015 11:45:47 -0400
To: Anders Rundgren <anders.rundgren.net@gmail.com>, Alex Russell <slightlyoff@google.com>
CC: public-web-security@w3.org, Tony Arcieri <bascule@gmail.com>, Brad Hill <hillbrad@gmail.com>, Rigo Wenning <rigo@w3.org>
Message-ID: <5602C92B.4010002@w3.org>

[removing WebAppSec WG, since obviously this doesn't concern their
chartered work]

At this point, I think it would be a useful discussion for the Chair of
the IG to move the IG to member-only in a re-chartering, as it may be
the only way to keep the discussion on-topic.

In particular, it would also be a good idea for members who are finding
these conversations wasting their time to bring up with the Advisory
Committee and the Advisory Board the persistence of people who either do
not have a basic background in Web Security, people who are consistently
off-topic, and 'trolls' on W3C lists, and find a suitable process for
removing or excluding them (I personally try to use a 'spam' filter, but
new W3C members may not know). If the W3C cannot control the problem of
having a few people overwhelming mailing lists with what is effectively
viewed as spam, then the W3C may even run the risk of being an
unsuitable place for doing standards work due to the high noise-signal
ratio on lists such as the Web Security IG.

    cheers,
         harry

On 09/23/2015 11:18 AM, Anders Rundgren wrote:
> On 2015-09-23 15:57, Harry Halpin wrote:
>> On 09/23/2015 03:42 AM, Anders Rundgren wrote:
>>> In my opinion the #1 problem with this discussion is that when you
>>> mention things that doesn't match the SOP vision like the fact that
>>> Android-,
>>> Apple-, and Samsung-Pay doesn't work on the Web, dead silence is all
>>> you get.
>
>> <ad hominem attacks>
> > </ad hominem attacks>
>
>> In particular, it is likely more productive for various non-SOP schemes
>> to find a way to adopt to SOP in a principled manner and so maintain
>> security and privacy properties. Payment schemes, identity schemes, and
>> the rest should and can do this.
>
> This topic has never been discussed in for example:
> http://www.w3.org/Payments/IG/
>
> Maybe Jeff should take down the flag
> http://www.w3.org/2015/01/banker_payments.pdf
> before it gets too embarrassing?
>
> Anders
>
>

Received on Wednesday, 23 September 2015 15:45:51 UTC