W3C home > Mailing lists > Public > public-webappsec@w3.org > March 2015

Re: [UPGRADE]: What's left?

From: Mike West <mkwst@google.com>
Date: Fri, 6 Mar 2015 16:22:03 +0100
Message-ID: <CAKXHy=fkiSRndajictp-q7PvdE9taP9Z1rWJBSctdjdEKuoy_A@mail.gmail.com>
To: T Guild <ted@w3.org>
Cc: Yves Lafon <ylafon@w3.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Jeff Hodges <Jeff.Hodges@kingsmountain.com>, Tanvi Vyas <tanvi@mozilla.com>, Peter Eckersley <pde@eff.org>, Daniel Appelquist <appelquist@gmail.com>, Alex Russell <slightlyoff@google.com>, Jose Kahan <jose.kahan@w3.org>
On Fri, Mar 6, 2015 at 4:02 PM, Ted Guild <ted@w3.org> wrote:

> Especially given how a couple prominent examples are archives you may
> want to include an archivist perspective.  It is not just about the cost
> of editing all the content but the hesitation for a curator as a
> preservationist to do so.  I would be very reluctant for instance to
> modify historic content on w3.org that has been untouched for twenty
> years and predated https being a standard.

Noted in https://github.com/w3c/webappsec/issues/208.

> > Are there other barriers to migration that this doesn't address?
> Not that I'm aware of.  There is another colleague, Jose Kahan, I would
> like to consult, he is away at present and can hopefully respond next
> week.

Looking forward to additional feedback! :)

> > Exactly. The intent is to avoid the insecure content warning, and
> > that's how Chrome's experimental implementation works. Perhaps it's
> > worth adding a note about that to the document...
> We would be interested in trying out your experimental implementation
> against a test instance of our site.

Grab Canary, and
enable chrome://flags/#enable-experimental-web-platform-features. You
should start seeing the feature in action. I'd say it's 90% working at this
point. I'd be _very_ interested in additional feedback.

Received on Friday, 6 March 2015 15:22:51 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:47 UTC