- From: cynthia <notifications@github.com>
- Date: Fri, 11 Dec 2020 02:49:00 -0800
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3ctag/design-reviews/issues/370/743122507@github.com>
@nondebug thanks a lot for the summary! The last two points look good to me. I thought about this for a bit after the meeting, but then forgot to follow up, so thanks for the reminder. > Also there are use cases where multiple origins may need to access the same device If the permission dialog has three (allow shared, allow exclusive, deny) buttons instead of two (allow, deny) - this case might be coverable. (Whether or not current browser permission management lets you do that, that is another problem.) Would this be a possible option considering? > any vendor may contribute new rules by pull request. I had one question I did not manage to ask during the meeting - and that's about how to validate the provenance of the pull request. I'm assuming past requests were through corporate e-mail, which has some level of verification power. But with pull requests, since Github basically lets you claim anything as your employer - so provenance forgery is definitely possible. (And unfortunately we've never had to deal with this kind of problem yet) Aside from first-party requests, there is the case of valid third party requests - for example from a security researcher. This is more of a policy problem than a technical problem, so I might want to bring it up with W3C to figure out how we want to deal with this. Do you have any thoughts on this? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/370#issuecomment-743122507
Received on Friday, 11 December 2020 10:49:13 UTC