On Mon, Aug 24, 2009 at 6:11 AM, Gustavo Noronha Silva <[email protected]> wrote:
> I am saying that we should be careful not to design things with 'Linux
> is mostly used in enterprise settings' in mind.
Ah, I see. Yes, this makes sense. My experience with Linux is mostly in universities where these sorts of file systems are the norm.

> So, to clear up my position regarding the actual meat of the proposal: I
> agree this is an important security concern. Doing that in libraries
> right now will break API expectations, though, so I think if it is done,
> this should be done first by documenting the intent to change, and then
> changing after a reasonable amount of time. Of course browser
> applications can do it right now, though =)

By way of context, Firefox has had this mitigation for several years on all platforms. IE has had an even more onerous mitigation for a long time (basically they punt the decision to the users with a "click here to be hacked" experience). Chrome has had this mitigation since day 1.

I think the main compatibility risk is in non-browser uses of WebKit where it's difficult for us to assess the risk without knowing the application.

Where do you think we should document our intent to change?

Adam

