- From: Daniel Veditz <dveditz@mozilla.com>
- Date: Fri, 20 Jun 2014 10:55:59 -0700
- To: Mike West <mkwst@google.com>, Brad Hill <hillbrad@gmail.com>
- CC: Glenn Adams <glenn@skynav.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Sigbjørn Vik <sigbjorn@opera.com>, Wendy Seltzer <wseltzer@w3.org>, Adam Barth <w3c@adambarth.com>
On 6/20/2014 1:03 AM, Mike West wrote: > 1) How long should the LC period be? Dan pointed out that summer is > difficult to enlist people's time. I suggested that perhaps we end LC > immediately before TPAC and we can use the session time there to > resolve any issues raised. > > 3.5 months is a long time, even during the summer. I thought one month was too short, but I was thinking more like 8 weeks would accommodate people. That way whether people take vacation early or late in the summer they'll be around for at least part of LC. I don't think we should wait until October. > Blink has implementations of both these directives. If other vendors > (Mozilla? Microsoft? Apple?) aren't interested, then we could certainly > mark them as "at risk" (although I think it's premature, since we > haven't yet issued a call for implementations). Perhaps folks from those > browsers could weigh in? reflected-xss wouldn't do anything in our browser since there's no xss filter to turn off. We won't error if we encounter an unknown directive so I guess we "support" it to that extent? Somehow I don't think that's the kind of second implementation W3 is looking for. -Dan Veditz
Received on Friday, 20 June 2014 17:56:30 UTC