- From: Anne van Kesteren <annevk@opera.com>
- Date: Thu, 08 Oct 2009 18:05:52 +0200
- To: "Mark S. Miller" <erights@google.com>
- Cc: "Arthur Barstow" <art.barstow@nokia.com>, "Thomas Roessler" <tlr@w3.org>, "Tyler Close" <tyler.close@gmail.com>, "Jonas Sicking" <jonas@sicking.cc>, public-webapps <public-webapps@w3.org>
On Thu, 08 Oct 2009 17:59:56 +0200, Mark S. Miller <erights@google.com> wrote: > This is my first TPAC. How does one put something on the agenda? I added it here for you as I suppose you do not have a wiki account: http://www.w3.org/2008/webapps/wiki/TPAC2009APIs#Agenda_Items >> Otherwise I suggest we consider this resolved >> considering that implementations are shipping. > > I don't understand this argument seeing as how implementations of XDR > are already shipping too. My assumption is that sites use conditionals to target one or the other and would break if one or the other would no longer work. Maybe it's not too late yet though, dunno. >> I personally think keeping the API the way it is now is nicer and the >> security issue seems highly theoretical. > > As with much of the rest of CORS, newly created vulnerabilities seem > theoretical until they are deployed an attacked. By the time they do > not seem theoretical, it is too late to do better than patch around > problems that should not have been introduced. We've been over this > before. Agreed. -- Anne van Kesteren http://annevankesteren.nl/
Received on Thursday, 8 October 2009 16:06:37 UTC