W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2014

Minimum viable SRI?

From: Mike West <mkwst@google.com>
Date: Wed, 29 Oct 2014 12:49:10 +0100
Message-ID: <CAKXHy=e6PTcX8hVHDv__4MhssLgBePWGmfV2Xnw313GdROKLDA@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Cc: Brad Hill <hillbrad@gmail.com>, Frederik Braun <fbraun@mozilla.com>, Joel Weinberger <jww@google.com>, Devdatta Akhawe <dev.akhawe@gmail.com>
Skimming the notes from yesterday's discussion of SRI at TPAC[1], it sounds
like there was general agreement that we should aggressively trim the spec
down to the core that's generally agreed to be useful, and punt discussion
of the tricky bits until we determine whether SRI works at all on the web.

It's not clear to me from the notes what the minimal subset is. Could
someone who was involved in the conversation sketch an outline of what we'd
keep and what we'd punt?

[1]: http://www.w3.org/2014/10/28-webappsec-minutes.html#item06

Mike West <mkwst@google.com>
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91

Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Geschäftsführer: Graham Law, Christine Elizabeth Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Wednesday, 29 October 2014 11:49:59 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:41 UTC