- From: Simon Pieters <simonp@opera.com>
- Date: Tue, 18 Jun 2013 12:25:15 +0200
- To: "www-style@w3.org" <www-style@w3.org>
In https://www.w3.org/Bugs/Public/show_bug.cgi?id=17522 we have a situation where all implementations and the spec agree on one thing, but that thing is wrong according to the industry standard terms. It is obvious that Glenn and I have different ideas about what the spec should say. In HTML, the policy in situations like these have almost always been to just match the implementations. There can be reasonable exceptions where we would want to not match implementations despite interoperability, like if a security problem is identified or if a different definition would be vastly superior *and* the feature is not widely used in the Web such that changing it does not cause compat problems. In the case of colorDepth and pixelDepth, the proposed change does not address any security problem. It would start to expose the number of bits in the alpha channel (also see https://www.w3.org/Bugs/Public/show_bug.cgi?id=14072). The attributes can be used for fingerprinting. The proposed change does not change that, in fact it probably increases the fingerprinting. If we want to remove this fingerprinting vector, the attributes can be made to return a static value, probably 24. It seems at least some current implementations do not return a static value. I'd like to hear from other people what they think. Do implementers want to change these to match the industry terms? Or remove the fingerprinting vector? Or leave as is? -- Simon Pieters Opera Software
Received on Tuesday, 18 June 2013 10:23:59 UTC