07:59:24 RRSAgent has joined #html-wg
07:59:24 logging to http://www.w3.org/2008/06/12-html-wg-irc
08:04:37 Lachy has joined #html-wg
08:17:14 Lachy has joined #html-wg
08:20:29 tlr has joined #html-wg
08:23:10 beowulf has joined #html-wg
08:27:39 ROBOd has joined #html-wg
08:51:49 I don't even understand what the issue is
08:51:53 I am now very confused
08:52:41 i'm very confused too
08:52:52 i don't know who the chairs are, and i don't know what the issue tracking mechanism is
08:53:06 i really have no idea how to interact with the htmlwg any more
08:54:10 maybe they have some internal meeting on it first
08:58:21 Lachy has joined #html-wg
09:09:05 zcorpan has joined #html-wg
09:17:47 mjs has joined #html-wg
09:22:19 mjs has joined #html-wg
09:51:33 MikeSmith: what's the link to this famed bugzilla?
09:55:34 Lachy has joined #html-wg
09:57:08 http://www.w3.org/Bugs/Public/
09:57:18 Hixie: ↑
09:57:28 wow, an upwards arrow
09:57:40 i really shouldn't be this amazed to see unicode work
09:58:21 we been having fun with special chars in Japan for years, even without Unicode
09:58:24 └|∵|┐♪┌|∵|┘
09:58:30 (^з^)-☆Chu!!
09:58:49 etc.
09:59:17 hmm, MS feedback has various legal notices
09:59:19 :/
09:59:38 Hixie: i don't know how to easily get a list of just the issues for the "HTML WG" "product"
10:00:16 http://www.w3.org/Bugs/Public/buglist.cgi?query_format=advanced&short_desc_type=allwordssubstr&short_desc=&product=HTML+WG&long_desc_type=allwordssubstr&long_desc=&bug_file_loc_type=allwordssubstr&bug_file_loc=&status_whiteboard_type=allwordssubstr&status_whiteboard=&keywords_type=allwords&keywords=&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&emailtype1=substring&email1=&emailtype2=substring&email2=&bugidtype=include&bug_id=&votes=&chfieldfrom=&chfiel
10:00:37 MikeSmith: who gets to mark a bug RESOLVED?
10:00:56 http://www.w3.org/Bugs/Public/buglist.cgi?product=HTML+WG&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED
10:01:48 hsivonen: that we still need to decide yet
10:02:31 MikeSmith: I suggest letting Hixie and hyatt make the transitions from NEW to ASSIGNED and from ASSIGNED to RESOLVED
10:03:01 that sounds workable
10:03:04 perhaps going from RESOLVED to CLOSED could include more oversight
10:03:13 yeah, agreed
10:03:40 that paper is so confusing
10:05:04 http://www.w3.org/Bugs/Public/buglist.cgi?quicksearch=ALL+product:HTML
10:05:55 this is the one issue I have in there so far:
10:05:57 http://www.w3.org/Bugs/Public/show_bug.cgi?id=5729
10:06:17 anne: you went ahead and signed the agreement for the whitepaper?
10:06:56 Philip: thanks, that's indeed plenty easy
10:07:23 I just hit some buttons
10:07:27 anyway, if we can get this going, I can set up redirects/rewrites with shorter URLs
10:07:49 ROBOd2 has joined #html-wg
10:10:37 I can't really find much new information in that document apart from a lot of quotes from all over the place confusing the issue
10:11:10 shocking
10:11:49 you have to admire the skill with which they waste our time
10:11:59 keeps talking about DNS Rebinding and TOC/TOU
10:12:01 i really wouldn't have even thought of posting feedback in this quite innovative manner
10:12:19 true
10:13:48 I suggest each person respond by putting a PDF on his/her website that requires agreeing to a license
10:14:15 anne: I assumed the legal notices were BS and ignored them
10:14:24 I was thinking of using my own proprietary format
10:14:32 the whitepaper is lengthy but did not give me much new info
10:14:38 I guess I will have to respond though
10:14:52 well, you owe me a review first :p
10:15:05 a review of what?
10:15:09 access control :)
10:15:30 I suppose I will have to do that to respond to Microsoft's stuff in a fully informed way
10:15:41 your standards todo list has at least two things: access control/xhr2 and forms tf
10:16:00 :)
10:16:26 the DNS Rebinding thing is nonsense because if your server is vulnerable to a rebinding attack, then there is no need to use cross-site XHR to attack it
10:16:27 yeah, we can't really ignore them
10:17:13 TOC/TOU is somewhat BS as the preflight request is an indication of the server that it can deal with cross-site requests
10:17:29 the server says with that that it does check the Origin header and such
10:17:33 and if it is safe against DNS rebinding (checks Host header before doing any POST side effects for instance) then bypassing the method check won't help you
10:17:51 there's a wide gap between ignoring someone and giving them a detailed response
10:17:58 for example, my own response was not to ignore them
10:18:07 but didn't involve even looking at the document
10:19:29 it just seems like a good time to smack the FUD down thoroughly, since this is presumably their best shot
10:20:12 I'm wondering if any of their feedback might be worth acting on
10:20:53 sending cookies under a different header name sounds like it will reduce risk, but if you affirmatively added an access-control header and misunderstand cookies, you'll probably also choose to process the other cookie header even when you shouldn't
10:22:27 another proposal I heard for that was adding a crossorigin flag to cookies similar to httponly
10:23:05 so only cookies flagged as such would be sent?
10:23:10 yes
10:23:53 though you'd also need something for HTTP auth and another problem is that nobody has cookies defined...
10:24:06 I'm wondering what kind of server-side mistake this is expected to mitigate
10:26:19 I think the idea is that if you optin to access control you don't have to optin to cookies
10:26:30 someone who intentionally sends the access-control header, but doesn't realize they may get cookies, so they don't (look for the other header / set the flag)?
10:26:30 because I thought the expected mistake was someone who mistakes the authentication properties of a cookie for authorization
10:26:30 which is a conceptual-level error and won't be addressed by a change to how cookies are sent
10:26:33 so the person requesting the data doesn't get the personalized form of the page
10:26:53 would really help if Sunava were to copy and paste the full text into an e-mail message and post that to the list
10:27:24 you might get interesting results with that
10:27:35 especially with the e-mail clients they use...
10:30:06 well, you can opt in to access control and ignore cookies if you choose to
10:30:15 though maybe renaming the header makes ignoring cookies easier
10:30:20 but it also makes using cookies harder
10:33:56 another option is to require the server to optin to cookies as in the proposal from Hixie
10:33:56 another option is to leave the complexity on the server for that scenario as it is now
10:37:53 it seems hard to choose between these options
10:38:10 they all seem better than social networks prompting me for my gmail account info though
10:38:33 anne: congrats on the Opera 9.5 release by the way
10:46:56 zcorpan has left #html-wg
10:54:36 Dashiiva has left #html-wg
10:55:16 Dashiiva has joined #html-wg
10:55:25 zcorpan has joined #html-wg
11:06:22 thanks
11:14:06 tH_ has joined #html-wg
11:21:02 Julian has joined #html-wg
11:21:39 it appears XSLT in Opera 9.5 is broken in that the CSS for the transformation result does not get applied:
11:21:46 Example: http://greenbytes.de/tech/webdav/draft-ietf-httpbis-p1-messaging-latest.xml
11:21:48 Sigh.
11:22:36 in Opera 9.27 it just says fail
11:25:29 anyways, bugs.opera.com/wizard
11:25:53 Tjat
11:26:02 *That's a lot of copies of the same xmlns :)
11:26:56 anne: yes, 9.27 was even more broken, an earlier version did work at some point of time.
11:27:23 anne: what's frustrating is that I have to keep submitting bug reports every time, instead that Opera starts doing regression tests
11:27:43 we have tons of XSLT regression tests
11:28:41 last I checked anyway
11:28:44 anne: good. then adding another one shouldn't be a problem ;-)
11:29:25 yeah, I'm sure that fixing this in response to your bug report will involve adding a regression test
11:30:42 anne: well, the same kind of resource was broken before, so I would have hoped that that particular test already exists.
11:31:08 zcorpan has left #html-wg
11:31:55 interesting, well, as I said, I'm not doing QA on this
11:39:54 bug-337388@bugs.opera.com
11:41:54 zcorpan has joined #html-wg
12:18:15 aaronlev has joined #html-wg
12:20:41 ROBOd has joined #html-wg
12:24:03 myakura has joined #html-wg
13:14:54 Julian, "how would care?"
13:14:56 ?
13:15:19 s/how/who/
13:15:29 oh, well, gsnedders did apparently
13:15:49 I mean, who's running pre HTTP/1.0 servers in practice?
13:15:57 I don't think XHR needs to talk about these.
13:17:04 i don't think so either
13:17:10 i deferred it to him
13:17:35 that is, it seems wrong for XHR to deal with these HTTP details
13:26:28 Yes. If the response doesn't parse as defined by the HTTP spec, the request failed. If UAs do something else, it may be useful to talk to them.
13:27:10 or write a HTTP spec that does take UAs into account
13:28:06 and has UA interop as exit criteria and such
13:45:04 sierk has joined #html-wg
13:55:21 ROBOd has joined #html-wg
14:06:14 Dashiva has joined #html-wg
14:12:15 billmason has joined #html-wg
14:19:40 hyatt has joined #html-wg
14:52:15 Lachy has joined #html-wg
14:57:11 smedero has joined #html-wg
15:34:02 dbaron has joined #html-wg
15:42:37 hober has joined #html-wg
15:46:59 adele has joined #html-wg
15:52:00 Steve_f has joined #html-wg
15:58:07 oedipus has joined #html-wg
15:58:32 Laura has joined #html-wg
16:01:54 Hi Steve
16:03:26 trackbot, start meeting
16:03:28 RRSAgent, make logs public
16:03:28 Zakim has joined #html-wg
16:03:30 Zakim, this will be HTML
16:03:30 ok, trackbot, I see HTML_WG()12:00PM already started
16:03:31 Meeting: HTML Issue Tracking Teleconference
16:03:31 Date: 12 June 2008
16:03:40 Zakim, code?
16:03:40 the conference code is 4865 (tel:+1.617.761.6200 tel:+33.4.89.06.34.99 tel:+44.117.370.6152), MikeSmith
16:03:55 zakim, phone?
16:03:55 I don't understand your question, oedipus.
16:04:01 zakim, who is here?
16:04:01 On the phone I see ??P6, +1.425.467.aaaa, Gregory_Rosmaita, Laura_Carlson
16:04:03 On IRC I see Laura, oedipus, Steve_f, hober, dbaron, smedero, Lachy, hyatt, Dashiva, ROBOd, zcorpan, tH, Dashiiva, mjs, beowulf, tlr, RRSAgent, jmb, Yudai, marcos, krijn, Navarr,
16:04:07 ... MikeSmith, shepazu, jgraham, gavin, drry, heycam, deane, gsnedders, takkaria, anne, Philip, gavin_, Shunsuke, hsivonen, Hixie, matt, trackbot, xover, jeremy, deltab, t
16:04:20 Zakim, ??P6 is me
16:04:20 +smedero; got it
16:04:23 Present- Matt
16:04:38 ooh... actually... it is not.
16:04:41 doh
16:04:49 sorry!
16:04:54 want me to fix?
16:04:58 Zakim, ??P6 is Steve_F
16:04:58 I already had ??P6 as smedero, smedero
16:05:06 sigh.
16:05:10 zakim, aaaa is smedero
16:05:10 +smedero; got it
16:05:15 Thanks, oedipus.
16:05:20 zakim, ??P6 is Steve_Faulkner
16:05:20 I already had ??P6 as smedero, oedipus
16:05:28 itchy trigger finger there.
16:05:34 +ruilopes
16:05:49 Zakim, who's on the phone?
16:05:49 On the phone I see smedero, smedero.a, Gregory_Rosmaita, Laura_Carlson, ruilopes
16:06:03 zakim, smedro.a is Steve_Faulkner
16:06:03 sorry, oedipus, I do not recognize a party named 'smedro.a'
16:06:09 zakim, smedero.a is Steve_Faulkner
16:06:09 +Steve_Faulkner; got it
16:06:32 zakim, who is here?
16:06:32 On the phone I see smedero, Steve_Faulkner, Gregory_Rosmaita, Laura_Carlson, ruilopes
16:06:34 On IRC I see Laura, oedipus, Steve_f, hober, dbaron, smedero, Lachy, hyatt, Dashiva, ROBOd, zcorpan, tH, Dashiiva, mjs, beowulf, tlr, RRSAgent, jmb, Yudai, marcos, krijn, Navarr,
16:06:38 ... MikeSmith, shepazu, jgraham, gavin, drry, heycam, deane, gsnedders, takkaria, anne, Philip, gavin_, Shunsuke, hsivonen, Hixie, matt, trackbot, xover, jeremy, deltab, t
16:06:40 Let's hope you got the right smedero :)
16:06:48 Zakim, ruilopes is me
16:06:48 +MikeSmith; got it
16:06:51 Zakim, who's on the phone?
16:06:51 On the phone I see smedero, Steve_Faulkner, Gregory_Rosmaita, Laura_Carlson, MikeSmith
16:07:13 Topic: convene weekly HTML WG issue-tracking telcon
16:07:24 Chair: MikeSmith
16:07:29 Scribe: MikeSmith
16:07:36 ScribeNick: MikeSmith
16:07:46 oedipus, I'm not convinced the names are right...
16:07:48 but who knows
16:08:11 Steve_Faulkner joined before I did... so he should be in the first slot, right?
16:08:13 GJR has 2 agenda requests: 1) ternary state of tracker (formal request of chairs made) and 2) a week's extension for my proposal to the forms task force list as i have had severe infrastructural problems (including an entire day without electricity)
16:08:20 minutes from last week: http://www.w3.org/2008/06/05-html-wg-minutes.html
16:08:37 Zakim, passcode?
16:08:37 the conference code is 4865 (tel:+1.617.761.6200 tel:+33.4.89.06.34.99 tel:+44.117.370.6152), anne
16:08:42 k-o
16:08:55 adele has joined #html-wg
16:09:06 +[IPcaller]
16:09:13 Zakim, [ is me
16:09:13 +anne; got it
16:09:33 ternary state: http://lists.w3.org/Archives/Public/www-archive/2008Jun/0030.html
16:09:45 chrisW's reply: http://lists.w3.org/Archives/Public/www-archive/2008Jun/0044.html
16:10:06 any items to add to the agenda for today?
16:10:20 anne: is the chair thing on the agenda?
16:10:43 who is in a position to say something?
16:11:22 MS: W3C is discussing this internally, not going to get a resolution in the next hour; please hold your breath
16:11:28 ... a little longer
16:11:51 MS: hopefully fixed by tomorrow
16:12:44 adele has joined #html-wg
16:12:58 Topic: ternary state of the tracker
16:13:05 my open question to/request of the chairs -- which i made sure was logged
16:13:05 in IRC at today's telecon -- is as follows: when one opens an issue, it is
16:13:05 not marked as "OPEN", but rather as "RAISED" -- can the chairs in their
16:13:05 capacity as chairs, therefor, issue a formal statement to the effect that:
16:13:05 * RAISED equals PROPOSED - proposal will be discussed on list and in
16:13:06 at least 1 telecon before marked as OPEN or quashed
16:13:08 * OPEN equals UNDER ACTIVE CONSIDERATION BY WG
16:13:08 http://lists.w3.org/Archives/Public/www-archive/2008Jun/0030.html
16:13:10 * CLOSE equals Editors/Chairs consider issue resolved - note that
16:13:12 issues should be closed only after being addressed at a telecon, so
16:13:14 that if there is dissent over the resolution, it can be logged and
16:13:17 objectors should be given an opportunity to convince the chairs that
16:13:18 the issue should not be closed
16:13:20 +Doug_Schepers
16:13:20 or provide the rationale for not considering "RAISED" issues as "PROPOSED"?
16:13:46 Along these lines, I tried to sort out how we came to the three issue states we currently have: http://lists.w3.org/Archives/Public/public-html-wg-issue-tracking/2008Jun/0006.html
16:14:06 why not?
16:14:38 doesn't a plus one from a chair cary weight?
16:15:07 it doesn't affect the argument
16:15:11 MikeSmith: as far as Chris Wilson's +1 message, I don't find that particularly useful
16:15:57 ... in general, "+1" messages to the list are rarely, if ever, useful in discussions on the list
16:16:07 shepazu: ignoring plus one messages discourages participation - sometimes there's nothing left to add to a well articulated post
16:16:09 shepazu: can I slightly disagree with that?
16:18:07 if there's nothing left to add, then there's little point in posting anything at all.
16:18:11 is following up on issues the responsibility of the issue tracking team?
16:18:20 A +1 adds an additional voice of support to a concept or proposal.
16:19:14 the problem with +1's, which we had trouble with back when the group started, is that it floods people's inboxes with mostly useless messages and takes up valuable time from reading potentially more important messages
16:19:15 discouraging "+1" can suppress minority opinion by alienating list members who might have nothing more to say but who do agree with the poster... it's a good way to make sure that only the most vocal are represented in the considerations
16:19:20 q+ to say that we need a statement on behalf of the chairs as to what the three states mean
16:19:21 q+
16:19:23 q?
16:19:27