
Re: [Xen-devel] Security policy ambiguities - XSA-108 process post-mortem

On Thu, 2014-10-09 at 00:06 +0100, Ian Jackson wrote:
>   Please provide URLs which are accessible and legible on mobile phone
>   browsers, which do not require cookies enabled to load, and which
>   are useable with text mode browsers, browsers which do not execute
>   Javascript, and with screen readers and other accessibility
>   software.  If the member of the Xen Project Security Team who
>   processes your application finds that their usual web browser does
>   not display the required information, when presented with the URLs
>   in your email, your application might be delayed or even rejected.

While I appreciate where you are coming from I don't think it is the
place of this policy to rail against the crapitude of the modern web and
try and enforce our own standards on things (much as I would like to).

I don't think it is unreasonable to expect that members of the security
team who typically run a browser with this crud disabled (which includes
myself) would load up their special sandboxed/throwaway browser with a
default config when faced with this sort of thing.

That said, the bits about accessibility seem less unreasonable, on the
basis that it's not beyond the realms of possibility that someone
processing an application might not have the option of turning off a
screenreader etc.

