Re: [webappsec] POLL: Getting CSP 1.1 to LCWD from Glenn Adams on 2013-10-03 (public-webappsec@w3.org from October 2013)

From: Glenn Adams <glenn@skynav.com>
Date: Thu, 3 Oct 2013 00:43:50 -0600
To: Daniel Veditz <dveditz@mozilla.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <CACQ=j+cPtx_ABg0f5oSc1yNznoNX0n2h-4pgHAKAbFwYvV+K8w@mail.gmail.com>

On Wed, Oct 2, 2013 at 9:03 PM, Daniel Veditz <dveditz@mozilla.com> wrote:

> On 10/2/2013 6:39 AM, Glenn Adams wrote:
> > An add-on author that reads this may complain to a UA vendor that
> > ignores it, saying "you didn't do what the spec said you should do".
> > That's often sufficient to warrant implementing it.
>
> Users and add-on authors are already complaining and they don't really
> care what the spec says.
>

My conclusion is that a static policy is detrimental to some party's
interests, no matter which direction that policy takes. A more dynamic
policy would seem more appropriate.

>
> -Dan Veditz
>
>

Received on Thursday, 3 October 2013 06:44:38 UTC