[whatwg] Fakepath revisited

timeless timeless at gmail.com
Sat Sep 5 18:46:48 PDT 2009


On Sat, Sep 5, 2009 at 12:27 PM, Nils Dagsson
Moskopp<nils-dagsson-moskopp at dieweltistgarnichtso.net> wrote:
> Also, we could settle this. A sizable non-exhaustive list of problematic
> sites could end this discussion soon. Just sayin'.

Let's get biblical. Precisely how sizable is sufficient for us not to
destroy Sodom ?

The fact is that we want users to be able to upgrade routers. Routers
that users don't upgrade to later firmware are security nightmares.
Firefox recently announced a feature to encourage users to upgrade
Flash. Saying that we don't want our users to upgrade their routers
would sound disingenuous right about now. And routers are interesting
things, there have been some fairly cool attacks on them using
browsers (kinda like Flash).

Sometimes it'd be nice if people were willing to trust browser
vendors. Sometimes we aren't going to be able to release all of our
research. But really, if there's a business case strong enough to
prevent us from doing something we've announced we intended to do, and
that something would have reduced our code complexity, you can be sure
that it meant there was a reason. In all likelihood, the engineers
hate the fact that they're doing it, but there's a reason, and it had
to be pretty darn good for engineering to cave.

(Speaking as an engineer who does not enjoy caving, but who is glad to
be able to ship a product once in a while.)



More information about the whatwg mailing list