W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2013

Re: [webappsec] POLL: Getting CSP 1.1 to LCWD

From: Glenn Adams <glenn@skynav.com>
Date: Thu, 3 Oct 2013 00:43:50 -0600
Message-ID: <CACQ=j+cPtx_ABg0f5oSc1yNznoNX0n2h-4pgHAKAbFwYvV+K8w@mail.gmail.com>
To: Daniel Veditz <dveditz@mozilla.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
On Wed, Oct 2, 2013 at 9:03 PM, Daniel Veditz <dveditz@mozilla.com> wrote:

> On 10/2/2013 6:39 AM, Glenn Adams wrote:
> > An add-on author that reads this may complain to a UA vendor that
> > ignores it, saying "you didn't do what the spec said you should do".
> > That's often sufficient to warrant implementing it.
>
> Users and add-on authors are already complaining and they don't really
> care what the spec says.
>

My conclusion is that a static policy is detrimental to some party's
interests, no matter which direction that policy takes. A more dynamic
policy would seem more appropriate.


>
> -Dan Veditz
>
>
Received on Thursday, 3 October 2013 06:44:38 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:03 UTC