Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note

+Adam, FYI

+1

--
Mike West <mkwst@google.com>
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91

Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Geschäftsführer: Graham Law, Christine Elizabeth Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)

On Tue, Oct 21, 2014 at 4:36 AM, Devdatta Akhawe <dev.akhawe@gmail.com>
wrote:

> +1
>  On Oct 20, 2014 4:15 PM, "Brad Hill" <hillbrad@gmail.com> wrote:
>
>> WebAppSec members,
>>
>>  We are on the verge of advancing Content Security Policy Level 2 to
>> Candidate Recommendation, at which point it will be at the same
>> maturity level as CSP 1.0.
>>
>>  Whereas:
>>
>> 1) the incompatible differences are small and implementer intent seems
>> to be to apply Level 2 behavior exclusively going forward...
>>
>> 2) we already lack for resources in test suite development and it is
>> unlikely we will build distinct 1.0 and Level 2 test suites as would
>> be necessary to advance both reports, or to complete the 1.0 test
>> suite before 1.0-specific behaviors become deprecated by user
>> agents...
>>
>> I believe that we should formally abandon the intent to further
>> advance 1.0 and transition its status to "Working Group Note"
>> (http://www.w3.org/2014/Process-20140801/#Note) upon advancement of
>> Level 2 to CR.  Whereafter we would concentrate our efforts on
>> advancing, evangelizing and testing CSP Level 2 towards full
>> Recommendation status.
>>
>> This Call for Consensus will conclude during our Monday session at
>> TPAC, October 27th.
>>
>> Comments welcome, positive feedback encouraged, absence of comments
>> will be considered assent.
>>
>> thank you,
>>
>> Brad Hill
>>
>>