On 05/01/2015 01:50 PM, oli...@omattos.com wrote:
When plans like this aren't rolled out across all browsers together, users inevitably 
come across a broken site and say "Firefox works with this site, but Safari gives a 
warning.  Safari must be broken".  Better security is punished.

Having this determined by a browser release is also bad.   "My up to date Firefox is 
broken, but my old Safari works.  Updating breaks things and must be bad!".  Secure 
practices are punished.

All browsers could change their behaviour on a specific date and time.   But 
that would lead to stampedes of webmasters having issues all at once.  And if 
there's any unforeseen compatibility issue, you just broke the entire world.  
Not so great.

So might I suggest the best rollout plan is to apply policies based on a hash 
of the origin and a timestamp.   I.e. on a specific date, 1% of sites have the 
new policies enforced, while 99% do not.  Then a month later, it's up to 51%, 
and another month later it's up to 100%.

The proposal I understood from this thread involves breaking precisely 0% of existing sites. So the flag day would only be relevant to in-development sites using new features only available in development browser builds.
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
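
The hash-and-timestamp rollout proposed in the quoted message, sketched as an added example that is not part of the original thread or of any browser's code. The schedule dates, the choice of SHA-256, and the lowercased origin string as hash input are assumptions; only the 1%, 51% and 100% steps come from the message.

```python
import hashlib
from datetime import datetime, timezone

# Constructed schedule: the dates are placeholders, the percentages are
# the three steps named in the message (1% -> 51% -> 100%).
SCHEDULE = [
    (datetime(2030, 1, 1, tzinfo=timezone.utc), 1),
    (datetime(2030, 2, 1, tzinfo=timezone.utc), 51),
    (datetime(2030, 3, 1, tzinfo=timezone.utc), 100),
]

BUCKETS = 10000  # resolution of 0.01%


def origin_bucket(origin: str) -> int:
    """Map an origin (scheme://host[:port]) to a stable bucket in 0..9999.

    Every client that hashes the same string gets the same bucket, so all
    browsers and all versions agree on which sites are in the rollout.
    Lowercasing is a simplified stand-in for real origin serialization.
    """
    digest = hashlib.sha256(origin.strip().lower().encode("utf-8")).digest()
    return int.from_bytes(digest[:8], "big") % BUCKETS


def enforced_percent(now: datetime) -> int:
    """Return the rollout percentage in force at `now` (timezone-aware)."""
    percent = 0
    for starts_at, step in SCHEDULE:
        if now >= starts_at:
            percent = step
    return percent


def policy_enforced(origin: str, now: datetime) -> bool:
    """True if the new policy applies to `origin` at time `now`.

    Because the bucket is fixed and the percentage only grows, an origin
    that is enforced at one step stays enforced at every later step.
    """
    return origin_bucket(origin) < enforced_percent(now) * BUCKETS // 100


def enforced_fraction(origins, now: datetime) -> float:
    """Share of `origins` under the new policy at `now`."""
    origins = list(origins)
    return sum(policy_enforced(o, now) for o in origins) / len(origins)
```

The decision depends only on the origin and the clock, not on the browser or its release, which is the property the message asks for.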