W3C home > Mailing lists > Public > public-webappsec@w3.org > September 2015

Re: CSP3 as a polylithic set of modules?

From: Mike West <mkwst@google.com>
Date: Tue, 29 Sep 2015 12:55:52 +0200
Message-ID: <CAKXHy=dBEee4BEsY1R=zJyLAs9N4uJ-zGLZ2dQG-JgcCX=2o4Q@mail.gmail.com>
To: Brian Smith <brian@briansmith.org>, Devdatta Akhawe <dev@dropbox.com>
Cc: Joel Weinberger <jww@chromium.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Brad Hill <hillbrad@gmail.com>, Dan Veditz <dveditz@mozilla.com>, Mark Nottingham <mnot@mnot.net>, Travis Leithead <Travis.Leithead@microsoft.com>
On Tue, Sep 29, 2015 at 12:08 AM, Brian Smith <brian@briansmith.org> wrote:

> On Mon, Sep 28, 2015 at 11:44 AM, Joel Weinberger <jww@chromium.org>
> wrote:
>
>> While I like the maintainability of this proposal, it seems like it might
>> complicated the versioning that Dev has proposed in the past (that I really
>> like). Namely, for each sub-spec, you'd have to tie it into a specific CSP
>> version you'd like it to be in, and tracking all of that information down
>> across specs might be difficult. But if we want versioning, maybe it's
>> still worth figuring out how to do it well across distributed chunks like
>> this.
>>
>
> I see Mike's proposal as a way towards avoiding versioning. I think it is
> worth trying to avoid versioning. It's not clear what issues that people
> are proposing to solve with versioning, though.
>

Yup. This is what I'm going for. I don't want to tie subspecs to a version
of CSP. Features are features, and there's no reason they need to be
implemented in a block.

I'm equally curious about what issues versioning would solve that makes it
appealing to folks like Dev (who I'm CCing directly :) ).

-mike
Received on Tuesday, 29 September 2015 10:56:40 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:15 UTC