- From: Giorgio Maone <g.maone@informaction.com>
- Date: Sat, 05 Oct 2013 11:43:56 +0200
- To: Brad Hill <hillbrad@gmail.com>
- CC: "public-webappsec@w3.org" <public-webappsec@w3.org>

On 01/10/2013 01:23, Brad Hill wrote:
> As discussed on our last conference call and in a previous email, we
> are behind schedule on our deliverables and I would like to propose
> that we close the feature set for CSP 1.1.
>
> This is a formal poll to establish consensus. Workgroup members,
> please take a few minutes to respond to these 6 questions to the list.
>
> 1: We should close the feature set of CSP 1.1? Agree / Disagree

Disagree

>
> 2. We should include the application of 'unsafe-eval' semantics to the
> CSSOM in the core CSP 1.1 feature set? Agree / Disagree

Disagree

> 3. We should include the suborigin sandboxing proposal in the core CSP
> 1.1 feature set? Agree / Disagree

Disagree

>
> 4. We should include the "Session Origin Security" policy in the core
> CSP 1.1 feature set? Agree / Disagree

Disagree

>
> 5. We should include the "cookie-scope" policy in the core CSP 1.1
> feature set? Agree / Disagree

Disagree

> Finally, we have a Formal Objection that has been registered by the
> Cox Communication representative Glenn Adams to reverse the currently
> specified behavior of allowing user-defined scripts (including from
> extensions). Glenn has declined to raise his suggestions on this list
> after several invitations to do so, but he gave a high-level set of
> proposals attached to this bug:
>
> https://www.w3.org/Bugs/Public/show_bug.cgi?id=23357
>
> 6. We should make changes to core CSP 1.1 behavior (including possibly
> specifying a new directive about user script) as requested by Bug
> 23357? Agree / Disagree
>

Disagree

> Please reply to this list so your views can be "on the record". This
> poll closes at the start of our next regularly scheduled
> teleconference on October 8th at 2pm United States Pacific Time.

I'm afraid I can't make the call because I'm gonna be traveling.

Best regards,
--
Giorgio Maone

Received on Saturday, 5 October 2013 09:43:48 UTC