On Thu, 08 Oct 2009 17:59:56 +0200, Mark S. Miller <[email protected]>
wrote:
This is my first TPAC. How does one put something on the agenda?
I added it here for you as I suppose you do not have a wiki account:
http://www.w3.org/2008/webapps/wiki/TPAC2009APIs#Agenda_Items
Otherwise I suggest we consider this resolved
considering that implementations are shipping.
I don't understand this argument seeing as how implementations of XDR
are already shipping too.
My assumption is that sites use conditionals to target one or the other
and would break if one or the other would no longer work. Maybe it's not
too late yet though, dunno.
I personally think keeping the API the way it is now is nicer and the
security issue seems highly theoretical.
As with much of the rest of CORS, newly created vulnerabilities seem
theoretical until they are deployed and attacked. By the time they do
not seem theoretical, it is too late to do better than patch around
problems that should not have been introduced. We've been over this
before.
Agreed.
--
Anne van Kesteren
http://annevankesteren.nl/