Fwd: Review for the WebAppSec WG Recharter -- update milestones

Hi WebAppSec,

Philippe raised some questions about the milestones for deliverables
listed in the revised charter. The timing is quite optimistic -- can
chairs and editors take a look at the specs and timelines to propose
realistic milestones?

https://rawgit.com/w3c/webappsec/master/admin/webappsec-charter-2017.html#deliverables

Thanks!
--Wendy

-------- Forwarded Message --------
Subject: Review for the WebAppSec WG Recharter
Date: Tue, 7 Feb 2017 15:59:32 -0500
From: Philippe Le Hégaret <plh@w3.org>


Looking at
 https://rawgit.com/w3c/webappsec/master/admin/webappsec-charter-2017.html

----

Overall, the charter is way too ambitious or way too optimistic in terms
of milestones. As written, the Group is planning to release 13
Recommendations in 2017. If that is really the case, they would reach a
record!

* Several milestones are "Q1 2017" and aren't yet Proposed
Recommendations. I have serious doubts those milestones can be achieved
at this point: Mixed Content, Upgrade Insecure Requests, Secure
Contexts, Referrer Policy.
* Several milestones are "Q2 2017" and aren't yet Candidate
Recommendations: CSP3, CSP: Embedded Enforcement, Clear Site Data,
Credential Management API. Are we sure the Group can achieve CR for
those by the end of April?
* Suborigins isn't a FPWD yet and still the Group believes they can ship
to REC within 11 months. It's possible but ambitious.
* Site-Wide Policy is still discussed in WICG and already appears in the
charter?

I believe we should push back on those milestones and ask them to
provide more realistic ones. I don't think we should associate
milestones to deliverables that are still under discussion within WICG.
I also don't think all of the deliverables are so high on their lists
that they all need to have milestones btw.

Received on Tuesday, 7 February 2017 22:13:19 UTC