- From: Dan Connolly <connolly@w3.org>
- Date: Sun, 04 Nov 2007 00:18:42 -0400
Julian Reschke wrote: [...] >> On Sat, 27 Oct 2007, Julian Reschke wrote: >>>> We're long past that. It's trivial for a page to trigger a POST >>>> without the user knowing. >>> I consider that a bug in User Agents. >> >> This is not a widely held opinion. > > Well, it's what RFC2616 says. I would argue that if the HTML WG thinks > there is a problem in what RFC2616 has to say about how to use unsafe > methods, it should bring this to the attention of the newly formed HTTP WG. True, whenever our spec conflicts with some other group's spec, it creates a dependency; we're obliged to get review from that other group and see whether they think what we're doing is reasonable. The chairs are supposed to keep track of all such dependencies; the current HTML 5 draft seems to have a long of them. I have some notes at http://www.w3.org/html/wg/il16#coord ; I'm thinking about how to migrate it to tracker. While the cost of getting review is a consideration, it's far from a compelling argument. Sometimes the right answer involves changing more than just the HTML spec. Meanwhile, there's also the charter to keep track of; when we go outside the bounds of what our original call for participation said, we need to update that call for participation by having the W3C membership review the charter change. http://www.w3.org/2005/10/Process-20051014/groups.html#CharterReview Stay tuned for more on managing the edge of our scope later this week, in email and/or in the meeting... http://www.w3.org/html/wg/nov07 -- Dan Connolly, W3C http://www.w3.org/People/Connolly/
Received on Saturday, 3 November 2007 21:18:42 UTC