W3C home > Mailing lists > Public > public-webappsec@w3.org > November 2014

snapshots in CfC Re: CfC: Publish a FPWD of "Requirements for Powerful Features"

From: <chaals@yandex-team.ru>
Date: Tue, 25 Nov 2014 19:54:20 +0300
To: John Kemp <john@jkemp.net>, Mike West <mkwst@google.com>, Brad Hill <hillbrad@fb.com>
Cc: Mark Nottingham <mnot@mnot.net>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-Id: <39171416934460@webcorp01e.yandex-team.ru>

25.11.2014, 18:13, "John Kemp" <john@jkemp.net>:
> Hi Chaals,
> On 11/25/2014 06:54 AM, chaals@yandex-team.ru wrote:
>>  TL;DR: Please go ahead.
>>  24.11.2014, 23:20, "Mike West" <mkwst@google.com>:
>>>  On Mon, Nov 24, 2014 at 9:00 PM, Brad Hill <hillbrad@fb.com
>>>  <mailto:hillbrad@fb.com>> wrote:
>>>      I've made a pull request to formalize the tone a bit.  Pending that or
>>>      similar updates by the editor, I support the publication of this
>>>      draft.
>>>  Thank you! I accepted the pull, cleaned up a few bits, and
>>>  republished: http://w3c.github.io/webappsec/specs/powerfulfeatures/
>>  It is really helpful in a call for consensus to have a URL to a
>>  snapshot.
> FWIW, you can review the commits made, individually if you so desire, by
> going to https://github.com/w3c/webappsec/commits/master

Sure. I did that and in this case it seems fine to me. But given a change of a few dozen lines, it is not always clear what a "consensus" is if it is determined by statements made about different documents at different times - it's generally easier to agree on something if everyone is agreeing on the same thing. For people on a differenc

>>  Consensus to publish "whatever was there when I looked" is
>>  actually seriously weakened if you can change what is there (this is
>>  security 101, right?).
> One thing that might improve the process is even for the spec editors to
> work in branches and issue Git pull requests back to master. The pull
> requests can be reviewed as a whole, or by looking at individual
> commits, prior to the reviewed pull request being merged to master.

It's simpler than that - in general, people can follow the entire history if they want to see each commit, or look at review drafts if they don't have that kind of time.

It's just a case of not mixing the two…


> - johnk
>>  That said, I think the changes I saw (up until about 15 minutes before I
>>  sent this mail) were helpful, and support publishing either way.
>>>  <http://w3c.github.io/webappsec/specs/powerfulfeatures/><http://w3c.github.io/webappsec/specs/powerfulfeatures/>
>>>  Regarding the issue #2 you added, 'blob:' has an origin, as does
>>>  'data:'. What clarification do you think is necessary in the algorithm
>>>  in order to resolve the issue?
>>  cheers
>>  Chaals
>>  --
>>  Charles McCathie Nevile - web standards - CTO Office, Yandex
>>  chaals@yandex-team.ru - - - Find more at http://yandex.com

Charles McCathie Nevile - web standards - CTO Office, Yandex
chaals@yandex-team.ru - - - Find more at http://yandex.com
Received on Tuesday, 25 November 2014 16:54:53 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:43 UTC