W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2014

Re: [webappsec] Call for Consensus: Stop work on Content Security Policy 1.0, transition to WG Note

From: Mike West <mkwst@google.com>
Date: Tue, 21 Oct 2014 08:57:26 +0200
Message-ID: <CAKXHy=d0rbYb6VWgTqfhSdPz7=PQ=dJmGrY0UXY4sthQ6i1Gtg@mail.gmail.com>
To: Devdatta Akhawe <dev.akhawe@gmail.com>, Adam Barth <w3c@adambarth.com>
Cc: Brad Hill <hillbrad@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
+Adam, FYI

+1

--
Mike West <mkwst@google.com>
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91

Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Geschäftsführer: Graham Law, Christine Elizabeth Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)

On Tue, Oct 21, 2014 at 4:36 AM, Devdatta Akhawe <dev.akhawe@gmail.com>
wrote:

> +1
>  On Oct 20, 2014 4:15 PM, "Brad Hill" <hillbrad@gmail.com> wrote:
>
>> WebAppSec members,
>>
>>  We are on the verge of advancing Content Security Policy Level 2 to
>> Candidate Recommendation, at which point it will be at the same
>> maturity level as CSP 1.0.
>>
>>  Whereas:
>>
>> 1) the incompatible differences are small and implementer intent seems
>> to be to apply Level 2 behavior exclusively going forward...
>>
>> 2) we already lack for resources in test suite development and it is
>> unlikely we will build distinct 1.0 and Level 2 test suites as would
>> be necessary to advance both reports, or to complete the 1.0 test
>> suite before 1.0-specific behaviors become deprecated by user
>> agents...
>>
>> I believe that we should formally abandon the intent to further
>> advance 1.0 and transition its status to "Working Group Note"
>> (http://www.w3.org/2014/Process-20140801/#Note) upon advancement of
>> Level 2 to CR.  Whereafter we would concentrate our efforts on
>> advancing, evangelizing and testing CSP Level 2 towards full
>> Recommendation status.
>>
>> This Call for Consensus will conclude during our Monday session at
>> TPAC, October 27th.
>>
>> Comments welcome, positive feedback encouraged, absence of comments
>> will be considered assent.
>>
>> thank you,
>>
>> Brad Hill
>>
>>
Received on Tuesday, 21 October 2014 06:58:15 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:07 UTC