On Mon, Sep 21, 2015 at 6:58 PM, Jonathan Watt <jw...@jwatt.org> wrote:
> On 21/09/2015 19:57, Eric Rescorla wrote: > >> On Mon, Sep 21, 2015 at 11:23 AM, Jonas Sicking <jo...@sicking.cc> wrote: >> >> Note that this, similarly to clipboard integration, is already exposed >>> to the web through flash. So the main goal of this feature is to >>> enable developers to migrate off of flash and instead use Gecko. >>> >>> >> I'm not sure that this is the right standard. The reason that we are >> removing >> Flash is that people are sad about some things in Flash. So I think we >> need >> to replicate enough of Flash to get people to stop using it, but that >> doesn't >> mean we need to have it be bug-for-bug compatible with every feature Flash >> has, including features we think are bad. >> > > I don't think directory picking is bad - there are many sites with > legitimate uses. I think it's right that we need to think about the > security implications though, and members of the security team have been > looped in to consider these issues. Who have you been talking to on the security team? I haven't heard any discussion of this in our security engineering meetings. And I share EKR's concerns here. Thanks, --Richard > > > _______________________________________________ > dev-platform mailing list > dev-platform@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-platform > _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
