Meeting minutes
Minutes Review
mm goes over the minutes
McCool: There are a number of typos which need to be fixed.
… some points discussed in last week's meeting still need to be addressed
Kaz: (Fixes the typos)
There are no objections against publishing the minutes, they are published
PRs
TD PR 1382
Philipp: I added some comments to the PR
… regarding possible vulnerabilities due to titles and descriptions (e.g. XSS attacks)
… if they are displayed in a UI
McCool: Yes, this kind of vulnerability needs to be addressed
… could lead to malicious script execution, for example
Jan: Should something like sanitization be added?
McCool: We could specify that, for example, all HTML markup needs to be removed, but this might have a negative impact
… this concerns every string field
Philipp: True, but I thought titles and descriptions are probably going to be exploited first
Security and Privacy Questionnaire
McCool: There needs to be an issue for each deliverable in the w3ctag design review repository
<kaz> design-reviews repo
McCool: (Starts a TAG review issue for the TD repository)
… should this be the editor's version or a Working Draft, kaz?
Kaz: Usually I provide a static HTML file
McCool: We can provide a link to the new WD once it's ready
… for now I'll mark it as "Work in Progress"
… I also mark it as "Security Review"
<kaz> prev issue for TD 1.0
Kaz: You could also look at the previous TAG review issue as an example
McCool: Problem is that they sometimes change the issue format
… old issue used the Editor's Draft
… the implementation report URL can be reused
… as well as the link to the wot-testing repository
… "User research" is new
… could point to our use case study
… (Adds the TD Self-Review PR 1382 (see above) to the form)
… I'll complete the list of Primary Contacts/Editors offline
… (Adds links to the other documents that are going to be reviewed)
… Are we doing Binding Templates as well, Kaz?
Kaz: Informative documents are not really important from the viewpoint of normative spec generation process
McCool: This also applies to the Use Cases document
McCool: For now the Specification does not point anywhere; it will be up to Sebastian or the task force to update it. Linking an Editor's Draft is a bit too dangerous
… (Submits the issue)
… Even though this is done in security, there are a lot of items in the form that are not security related and need to be done elsewhere
… I'll create an issue in the TD repository linking to the TAG review request
… there needs to be a privacy review as well
Philipp: I've added another comment to the questionnaire issue
McCool: We need to have a plan to finish the questionnaire
… I created a separate branch for the review
… (Shows the Markdown file containing the questionnaire as well as the old Questions and Answers)
… we need to assign people to the new questions and clarify who is answering which question
… we'll sort out the actual assignment in the comments of the PR
… if you are working on a question please indicate this in the comments
<kaz> (McCool added 3 comments to the wot-thing-description PR 1382)
<kaz> McCool's comments
<kaz> [adjourned]