Re: [w3c/manifest] Update manifest spec to consider manifest updates for icon urls to be cache-control:immutable (PR #1199) from Daniel Murphy on 2025-12-16 (public-webapps-github@w3.org from December 2025)

From: Daniel Murphy <notifications@github.com>
Date: Tue, 16 Dec 2025 10:49:47 -0800
To: w3c/manifest <manifest@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/manifest/pull/1199/review/3584481458@github.com>

@dmurph requested changes on this pull request.



> @@ -1792,6 +1792,29 @@ <h3>
             `name_localized`.
             </li>
           </ol>
+          <p>
+            All other members are determined as <dfn>non security-sensitive members</dfn>
+            for the purpose of updates.
+          </p>
+          <p>

I think this will help with some vagueness below - 


```
A <dfn>security-sensitive update<dfn> is a significant change a one of the
[=security-sensitive members=], determined by the user agent. Respectively,
an update to a [=non security-sensitive member=] is a
[=non-security-sensitive update=].

When considering a [=manifest image resource=] [=security-sensitive update=],
the user agent SHOULD consider a [=manifest image resource=] updated if the
{{ImageResource/src}} member has changed. If the {{ImageResource/src}} has not
changed, the user agent MAY download the image and check for visual differences
in some cases. Finally, user agent MAY change a [=manifest image resource=]
[=security-sensitive update=] to a [=non security-sensitive update=] if the images are
not significantly visually different.

...

The user agent SHOULD apply all [=non-security sensitive updates=] immediately.

...

The user agent SHOULD present all [=security-sensitive updates=] to the user and require [=express permission=] before applying those changes.
```


This
- Removes the spec requirement of user options, and simplifies that the the chnage should be presented, and permission is required to apply them.
- Makes a term for the type of update, so that we can change the security sensitive update to a non-security sensitive one for the image that is not visually different.


WDYT?



-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3c/manifest/pull/1199#pullrequestreview-3584481458
You are receiving this because you are subscribed to this thread.

Message ID: <w3c/manifest/pull/1199/review/3584481458@github.com>

Received on Tuesday, 16 December 2025 18:49:51 UTC