- From: Frederik Braun <fbraun@mozilla.com>
- Date: Tue, 2 Jul 2019 16:50:45 +0200
- To: Bertil Chapuis <bertil.chapuis@unil.ch>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
Am 02.07.19 um 16:17 schrieb Bertil Chapuis: > Hello Freddy, > >> On 2 Jul 2019, at 15:30, Frederik Braun <fbraun@mozilla.com> wrote: >> >> I've noticed that my spec co-editors have all not been very active >> lately, so I wonder who'd be willing to help with reviews on pull >> request - most of them will be of editorial nature. > > Last year, I briefly presented a study related to SRI at TPAC and proposed to extend the specification (as initially intended) to other HTML elements such as img, video, or a. At this time, I only had a little time to dedicate to this task, but since then I have been hired by the University of Lausanne to do web security research. Therefore, I would gladly help in any revision work associated with the SRI specification. > Great! AFAIU you can easily support making editorial changes, but will have to formally join the working group for anything that's not considered "non-substantial". I'd rather let the working group chairs clarify this statement. To be clear, I don't have a strong interest to introduce new things to SRI yet, but I do want to clean up some of the remaining issues. >> >> In this specific case, I have removed all references to >> `require-sri-for`, because both Firefox and Gecko intend to remove this >> from their browsers. See >> <https://github.com/w3c/webappsec-subresource-integrity/pull/82> > > Regarding the require-sri-for header, we are monitoring its use on the Web and it occurs very rarely (0.0132% of webpages). Whereas it’s not widely used, don’t you think it introduce a nice separation of concerns between system administrators and web developer that could eventually help at increasing the adoption of the specification (2.55% of webpages are now including at least one SRI)? > I'm afraid that ship has sailed. We've unimplemented it in Firefox 68 (currently beta) <https://bugzilla.mozilla.org/show_bug.cgi?id=1386214> and Blink considers removing as well <https://bugs.chromium.org/p/chromium/issues/detail?id=618924#c11>. > Best regards, > > Bertil >
Received on Tuesday, 2 July 2019 14:51:11 UTC