Re: SRI spec Maintenance

Hello Freddy,

> On 2 Jul 2019, at 15:30, Frederik Braun <fbraun@mozilla.com> wrote:
> 
> I've noticed that my spec co-editors have all not been very active
> lately, so I wonder who'd be willing to help with reviews on pull
> request - most of them will be of editorial nature.

Last year, I briefly presented a study related to SRI at TPAC and proposed to extend the specification (as initially intended) to other HTML elements such as img, video, or a. At this time, I only had a little time to dedicate to this task, but since then I have been hired by the University of Lausanne to do web security research. Therefore, I would gladly help in any revision work associated with the SRI specification.

> 
> In this specific case, I have removed all references to
> `require-sri-for`, because both Firefox and Gecko intend to remove this
> from their browsers. See
> <https://github.com/w3c/webappsec-subresource-integrity/pull/82>

Regarding the require-sri-for header, we are monitoring its use on the Web and it occurs very rarely (0.0132% of webpages). Whereas it’s not widely used, don’t you think it introduce a nice separation of concerns between system administrators and web developer that could eventually help at increasing the adoption of the specification (2.55% of webpages are now including at least one SRI)?

Best regards,

Bertil

Received on Tuesday, 2 July 2019 14:48:27 UTC