w3cping / administrivia

repository to track meta-work. PING webpages are maintained at https://github.com/w3c/ping

Request for information: privacy considerations? #29

Closed aphillips closed 4 weeks ago

aphillips commented 4 years ago

I was actioned by the I18N WG to ask about privacy's experience with the use of “privacy considerations” sections in specs. The background here is that internationalization is thinking about when and whether it makes sense to have “internationalization considerations” as a separate section in a spec. In most cases we have preferred not to create these, but there may be cases where it makes sense.

We’d be interested to know how privacy handles the creation, review, and maintenance of these when they appear in specs. Do you have a template or best practices? Do you have any learnings that would be helpful to us?

samuelweiler commented 4 years ago

We're using the tracking-issues repo for spec issues. I'm moving this discussion here.

Here is the reply I sent in email.

First, thank you for asking!

We draw largely from the IETF's practices, and we point at their documents:

https://tools.ietf.org/html/rfc6973#section-7
https://tools.ietf.org/html/rfc3552#section-5

More resources are linked from the horizontal review instruction page:

https://www.w3.org/Guide/documentreview/#how_to_get_horizontal_review

We require these sections because many of these concerns persist even at time of implementation and need to impact implementation - these aren't merely evidence of "we fixed everything already". Accordingly, while we have a questionnaire to encourage spec developers to look in various corners, we specifically discourage using the questionnaire as a template. We instead ask for custom-crafted text, written for the USER of the spec, not the reviewer:

https://w3ctag.github.io/security-questionnaire/#considerations

I'm not sure if i18n feels similarly about the issues you tend to raise, but that might inform whether you want to see sections in-line or not.

sandandsnow commented 4 years ago

Thanks for reaching out. From my point of view, it is extremely important to have a dedicated section in specifications that (a) identifies any known privacy risks or vulnerabilities that may arise if the spec is implemented or otherwise used; and (b) explains how those risks or vulnerabilities have been mitigated. Just as specs are updated, the privacy considerations section should also be updated as the spec evolves, or new privacy risks and mitigations are discovered.