[webappsec] Concluding the Last Call period for CSP Level 2

We revisited closing Last Call for CSP Level 2 today on the call, but
it was right at the end of the meeting, a number of participants had
to drop early, and the group had a bit of decision fatigue, so though
there were no objections, assent was also less than vigorous.

Therefore we resolved to close LC pending the following:

1) That the client hint (CH-CSP) and child-src features be marked as AT RISK.
2) Clarification that path components are ignored for frame-ancestors
3) That there are no further objections on the list.

Regarding #3, if you are reading this object to closing the LC period
for Level 2, please reply before 23:59 PDT, 27-Aug-2014 (midnight
tonight, Pacific) stating your objection.

If no further objections are voiced, Last Call be considered closed at
that time.

thank you,

Brad Hill

Received on Wednesday, 27 August 2014 19:35:21 UTC