W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2014

[webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note

From: Brad Hill <hillbrad@gmail.com>
Date: Mon, 20 Oct 2014 16:13:56 -0700
Message-ID: <CAEeYn8i1DWfTyNV799o=UdCSZ4mQ1ovW8sCD0bGpd36Cxxb6hA@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
WebAppSec members,

 We are on the verge of advancing Content Security Policy Level 2 to
Candidate Recommendation, at which point it will be at the same
maturity level as CSP 1.0.

 Whereas:

1) the incompatible differences are small and implementer intent seems
to be to apply Level 2 behavior exclusively going forward...

2) we already lack for resources in test suite development and it is
unlikely we will build distinct 1.0 and Level 2 test suites as would
be necessary to advance both reports, or to complete the 1.0 test
suite before 1.0-specific behaviors become deprecated by user
agents...

I believe that we should formally abandon the intent to further
advance 1.0 and transition its status to "Working Group Note"
(http://www.w3.org/2014/Process-20140801/#Note) upon advancement of
Level 2 to CR.  Whereafter we would concentrate our efforts on
advancing, evangelizing and testing CSP Level 2 towards full
Recommendation status.

This Call for Consensus will conclude during our Monday session at
TPAC, October 27th.

Comments welcome, positive feedback encouraged, absence of comments
will be considered assent.

thank you,

Brad Hill
Received on Monday, 20 October 2014 23:14:24 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:07 UTC