@jakearchibald -- agree with the approach. One comment: >If fixing the security issues of "execution" also prevent use-cases. As in, if some use-cases need network access, then that requirement clashes with the security requirements. If it is, from an information theory standpoint, even possible to craft a "config" option (which by definition cannot access the network at evaluation time) to satisfy a use case, then it ___must___ be possible to craft an "execution" option that does not need to access the network for that same use case. This third bullet is a red herring. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/webpayments-payment-apps-api/issues/96#issuecomment-275458532
Received on Thursday, 26 January 2017 17:48:53 UTC