- From: Wendy Seltzer <wseltzer@w3.org>
- Date: Tue, 7 Feb 2017 17:13:13 -0500
- To: "public-webappsec@w3.org" <public-webappsec@w3.org>
- Cc: Philippe Le Hegaret <plh@w3.org>
Hi WebAppSec, Philippe raised some questions about the milestones for deliverables listed in the revised charter. The timing is quite optimistic -- can chairs and editors take a look at the specs and timelines to propose realistic milestones? https://rawgit.com/w3c/webappsec/master/admin/webappsec-charter-2017.html#deliverables Thanks! --Wendy -------- Forwarded Message -------- Subject: Review for the WebAppSec WG Recharter Date: Tue, 7 Feb 2017 15:59:32 -0500 From: Philippe Le Hégaret <plh@w3.org> Looking at https://rawgit.com/w3c/webappsec/master/admin/webappsec-charter-2017.html ---- Overall, the charter is way too ambitious or way too optimistic in terms of milestones. As written, the Group is planning to release 13 Recommendations in 2017. If that is really the case, they would reach a record! * Several milestones are "Q1 2017" and aren't yet Proposed Recommendations. I have serious doubt those milestones can be achieved at this point: Mixed Content, Upgrade Insecure Requests, Secure Contexts, Referrer Policy. * Several milestones are "Q2 2017" and aren't yet Candidate Recommendations: CSP3, CSP: Embedded Enforcement, Clear Site Data, Credential Management API. Are we sure the Group can achieve CR for those by the end of April? * Suborigins isn't a FPWD yet and still the Group believes they can ship to REC within 11 months. It's possible but ambitious. * Side-Wide Policy is still discussed in WICG and already appears in the charter? I believe we should push back on those milestones and ask them to provide more realistic ones. I don't think we should associate milestones to deliverables that are still under discussion within WICG. I also don't think all of the deliverables are such high on their lists that they all need to have milestones btw.
Received on Tuesday, 7 February 2017 22:13:19 UTC