[whatwg] whatwg Digest, Vol 82, Issue 10

Glenn Maynard glenn at zewt.org
Tue Jan 4 16:15:50 PST 2011

On Tue, Jan 4, 2011 at 7:07 PM, Seth Brown <learc83 at gmail.com> wrote:
> I couldn't agree more that we should avoid turning this into vista's UAC.
> Maybe developers could make changes infrequent enough that users
> wouldn't be bothered very often? They could encapsulate the device
> access logic into one .js file that shouldn't be regularly changed.

Please don't restrict my ability to update my software with an
annoyingly-designed security system.  Whether I believe that rapid
updates or slow, well-tested updates are a better model for my web
app, I shouldn't be forced into one or the other because of a security
model that annoys the user every time I change something.

And: it still doesn't help.  Asking a user whether changes to a
Javascript file are okay is meaningless.  Regular users don't know
Javascript; there's no way they can know whether to accept a change or
not.  No general security model can be built around requiring the user
to understand the technical issues behind the security.

Glenn Maynard

More information about the whatwg mailing list