Re: [Xen-devel] Security policy ambiguities - XSA-108 process post-mortem

[Ian Campbell <Ian.Campbell@xxxxxxxxxx>]

On Thu, 2014-10-09 at 00:06 +0100, Ian Jackson wrote:
> 
>   Please provide URLs which are accessible and legible on mobile phone
>   browsers, which do not require cookies enabled to load, and which
>   are useable with text mode browsers, browsers which do not execute
>   Javascript, and with screen readers and other accessibility
>   software.  If the member of the Xen Project Security Team who
>   processes your application finds that their usual web browser does
>   not display the required information, when presented with the URLs
>   in your email, your application might be delayed or even rejected.

While I appreciate where you are coming from I don't think it is the
place of this policy to rail against the crapitude of the modern web and
try and enforce our own standards on things (much as I would like too).

I don't think it is unreasonable to expect that members of the security
team who typically run a browser with this crud disabled (which includes
myself) would load up their special sandboxed/throwaway browser with a
default config when faced with this sort of thing.

That said, the bits about accessibility seem less unreasonable, on the
basis that its not beyond the realms of possibility that someone
processing an application might not have the option of turning off a
screenreader etc.

Ian.


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel