W3C home > Mailing lists > Public > public-webappsec@w3.org > September 2014

Re: [webappsec] Concluding the Last Call period for CSP Level 2

From: Mike West <mkwst@google.com>
Date: Wed, 3 Sep 2014 15:34:23 +0200
Message-ID: <CAKXHy=f0xX_64v-=eF3ZTvJ75ssYFqZaxfHNsiBB8ducU_kqVA@mail.gmail.com>
To: Brad Hill <hillbrad@gmail.com>, Dan Veditz <dveditz@mozilla.com>, Wendy Seltzer <wseltzer@w3.org>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>, Adam Barth <w3c@adambarth.com>
https://w3c.github.io/webappsec/specs/content-security-policy/published/2014-09-03-CSP-2-CR.html
is a first pass at spinning out a CR draft. I'm running with the new
process document because the pubrules checker tells me that I need to
specify something. Happy to change that if we want to stick with the old
document for some good reason.

WDYT?

-mike

--
Mike West <mkwst@google.com>
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91

Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Geschäftsführer: Graham Law, Christine Elizabeth Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)


On Mon, Sep 1, 2014 at 4:48 PM, Mike West <mkwst@google.com> wrote:

> Thanks all. Apologies; I was on vacation last week, on a warm beach and
> mostly internet free. Obviously, the call completely slipped my mind. :(
>
> I'll spin up a CR-draft of the document later this week once folks come
> back from labor day vacation and review the changes I've made in response
> to some of the questions raised on this and other threads.
>
> Thanks!
>
> -mike
>
> --
> Mike West <mkwst@google.com>
> Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91
>
> Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
> Registergericht und -nummer: Hamburg, HRB 86891
> Sitz der Gesellschaft: Hamburg
> Geschäftsführer: Graham Law, Christine Elizabeth Flores
> (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
>
>
> On Wed, Aug 27, 2014 at 9:34 PM, Brad Hill <hillbrad@gmail.com> wrote:
>
>> We revisited closing Last Call for CSP Level 2 today on the call, but
>> it was right at the end of the meeting, a number of participants had
>> to drop early, and the group had a bit of decision fatigue, so though
>> there were no objections, assent was also less than vigorous.
>>
>> Therefore we resolved to close LC pending the following:
>>
>> 1) That the client hint (CH-CSP) and child-src features be marked as AT
>> RISK.
>> 2) Clarification that path components are ignored for frame-ancestors
>> enforcement
>> 3) That there are no further objections on the list.
>>
>> Regarding #3, if you are reading this object to closing the LC period
>> for Level 2, please reply before 23:59 PDT, 27-Aug-2014 (midnight
>> tonight, Pacific) stating your objection.
>>
>> If no further objections are voiced, Last Call be considered closed at
>> that time.
>>
>> thank you,
>>
>> Brad Hill
>>
>>
>
Received on Wednesday, 3 September 2014 13:35:16 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:06 UTC