W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2020

Re: Next steps for Fetch Metadata

From: Dominic Farolino <domfarolino@gmail.com>
Date: Mon, 13 Jan 2020 00:52:43 -0500
Message-ID: <CA+-N3brD0p3RmrdD4Rmza6SQT6LqfAtjBoEy3wbMy16MB9ivxA@mail.gmail.com>
To: public-webappsec@w3.org
(Attempting to apply to this thread, we'll see if it works)

Just to throw my 2 cents in: I very much prefer consolidating a lot of
concepts that grow outside of HTML and Fetch, into HTML and Fetch
eventually. Sure we've mentioned some failure that WebAppSec has had with
maintenance and synchronization, but this is not limited to WebAppSec
(i.e., prevalent in WebPerfWG too IMO).

I personally think erring on the side of consolidation saves a lot of pain
in the long run, especially if we get to avoid building a system (that also
requires maintenance) to get around a problem we mostly introduced.

> On the other hand, I personally appreciate having separate documents for
separable
> concepts, which can go into a bit more detail about how the thing works,
why it works
> that way, and why developers should care.

I do sympathize with the idea of maintaining a separate, but mostly or the
latter reasons of explanation, spelling out "why developers should care",
and maybe even security examples. Consolidating the more-normative
mechanical bits to something like Fetch in this and some other cases makes
sense to me though.
Received on Monday, 13 January 2020 06:02:42 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:55:10 UTC