Re: [SRI] may only be used in documents in secure origins

Why expend effort on a guarantee so weak you don't want to surface it to
users?

...When engineering resources are already scarce?

...When we know that developers need a clear path to security just as much
as users do, and that every new knob and lever increases confusion?

HTTPS is the bare minimum. It's not about carrots and sticks.