- From: Adam Barth <w3c@adambarth.com>
- Date: Mon, 19 Jul 2010 10:22:04 -0700
On Mon, Jul 19, 2010 at 5:56 AM, Hallvord R M Steen <hallvors at gmail.com> wrote: > 2010/7/15 Adam Barth <w3c at adambarth.com>: >> ?So, I'd prefer >> that we didn't change APIs after shipping them unless necessary. ?If >> we keep changing shipping APIs, we'll exhaust early adopters, which is >> bad for the ecosystem. > > I agree with that in general, however it makes things harder that this > is an issue that might have security implications. That's a pretty big stretch. If I were to rate this as a security vulnerability, I'd rate it as SecSeverity-None, which means I wouldn't even issue an advisory for it. > Opera hit this incompatibility on two sites. One is > http://www.studivz.net , the other one is Facebook (we've asked both > sites to fix the problem and referred them to the HTML5 spec). I'm sure that's just the tip of the iceberg. The trade-offs here seem to indicate that we should align the spec with the implementations rather than the other way around. > My gut feeling is that if you fix this quickly we could avoid usage > spreading even more on the web. By quickly, you mean after multiple major releases? Adam
Received on Monday, 19 July 2010 10:22:04 UTC