Closed ericprud closed 11 months ago
No comments from APA.
no comment/request from i18n
Commenting here since the template question about where comments should go is unanswered.
When will the working groups be seeking security and privacy reviews for these docs? I ask in part because the JS Interface Doc appears to have not been republished in over two years, and I haven't seen review requests for any of these docs lately.
I also see that the privacy and security sections in the existing WG docs are not in great shape. The security analyses in the both the base doc and the JS interface doc are too minimal and don't touch on privacy at all, and there's nothing about either in the API doc. I suggest quick attention to those.
I'm particularly curious as to the state of the base doc, which says in-line that it's CG doc, not a WG doc, as detailed here: https://github.com/WebAssembly/spec/issues/1447
More substantively on the security side, what provisions are available for auditing WebAssembly code? Are there things we can do to make it more auditable?
@ericprud any thoughts re: the above, especially the ability to audit the code?
We (@samuelweiler, @plehegar and others) discussed this in global on 12 mai. I believe we reached consensus that:
There's an issue to WebAssembly/spec#1393 to integrate with Content Security Policy. See the associated proposal.
Charter work was announced to AC last year: https://lists.w3.org/Archives/Member/w3c-ac-members/2022AprJun/0011.html
(charter was approved by TiLT and can be sent for AC review)
New charter proposal, reviewers please take note.
Charter Review
Charter:
What kind of charter is this? Check the relevant box / remove irrelevant branches.
Communities suggested for outreach: WebAssembly Community Group
Known or potential areas of concern: This is a continuation of earlier work. It should not introduce any new i18n or a11y concerns.
Where would charter proponents like to see issues raised? (this strategy funnel issue, a different github repo, email, ...)
Anything else we should think about as we review? none