See also: IRC log
<scribe> Agenda: https://lists.w3.org/Archives/Public/www-svg/2016Aug/0014.html
<scribe> Scribe: Nikos
<scribe> scribenick: nikos
nikos: Disposition of comments:
https://nikosandronikos.github.io/svg2-cr-doc/
... I've put together the DoC
... it's currently being compiled from Github
... but I'll make it a static page to send off
... The one thing I haven't done is include the things in the
'clean up' milestone as deferred
AmeliaBR: think there's a few we should add - including some 'future wish list' stuff
nikos: I also sent out request for review to i18n and a11y
<AmeliaBR> https://lists.w3.org/Archives/Public/www-svg/2016Aug/0016.html
AmeliaBR: we got a response on
a11y this morning, I've replied
... I'm not expecting a lot of questions because we have people
working on the SVG TF
shepazu: Good answer regarding SVG fonts
Tav: I've been playing with SVG fonts a lot. We support creation of fonts
shepazu: Is there any way to export to SVG in OT ?
Tav: not yet
nikos: So we're really just waiting now for review comments
https://svgwg.org/svg2-draft/conform.html
shepazu: There's a few open
issues
... I have come around to the view point that conformance
should be part of the spec
nikos: For the issue 'Should animations run in the resource document?', I think that's defined elsewhere
AmeliaBR: Yes, I'll review the chapter
shepazu: How do we change something from appendix to chapter?
AmeliaBR: Somewhere in the build script this is all controlled
nikos: I can take a look at that next week
AmeliaBR: The other thing we need to do is add stub files for the moved and removed chapters
nikos: I was going to do that as a manual step during publication
AmeliaBR: For animation, it would be nice to have a short appendix pointing out the three ways you can animate SVG
<scribe> ACTION: Nikos to make conformance appendix a chapter [recorded in http://www.w3.org/2016/08/11-svg-minutes.html#action01]
<trackbot> Created ACTION-3855 - Make conformance appendix a chapter [on Nikos Andronikos - due 2016-08-18].
<scribe> ACTION: Nikos to add stub chapters [recorded in http://www.w3.org/2016/08/11-svg-minutes.html#action02]
<trackbot> Created ACTION-3856 - Add stub chapters [on Nikos Andronikos - due 2016-08-18].
shepazu: Regarding deferred issues. It's not a problem to list them - there's many issues so it's right to defer them to SVG next
nikos: So next week we finish these little spec tidy ups while waiting for review comments, and I'll finish off those extra things for DoC
shepazu: We have a few issues in the spec still. Do we want to make them Github issues?
AmeliaBR: anything in the spec should should already be in Github or be an 'at risk' comment
shepazu: Ok, I just introduced a
few new ones by bringing the integration spec text in
... The thing about fetch is probably the most substantive
AmeliaBR: I've fixed a lot of issues about Fetch so we can reference that
<AmeliaBR> https://svgwg.org/svg2-draft/linking.html#processingURL-fetch
AmeliaBR: Doug, you do a review, and then I'll do one as well afterwards
<AmeliaBR> https://github.com/w3c/svgwg/wiki/SVG-2-Security-&-Privacy-Review
nikos: Does this specification
deal with personally-identifiable information
... I couldn't think of anything
AmeliaBR: No more than what exists for web pages in general
nikos: Does this specification
deal with high-value data?
... No
... Does this specification introduce new state for an origin
that persists across browsing sessions?
shepazu: No
nikos: Does this specification
expose persistent, cross-origin state to the web?
... So I thought that language preference could expose some
state, but it's low risk
... I suppose if you have a lot of binary tests you might be
able to build up a fairly detailed picture
shepazu: A few years ago there
was a big push to avoid fingerprinting, but at this point
fingerprinting is too far advanced
... Is there anything about the fact you can reference an
external SVG via use that might fall into this category?
... Also language preference isn't stored in the SVG per se
nikos: Does this specification
expose any other data to an origin that it doesn’t currently
have access to?
... I don't think we're doing anything unique
AmeliaBR: We might at that point
say we allow CORS
... but only in a matter consistent with HTML
nikos: Doesn't hurt to point that
out
... Does this specification enable new script execution/loading
mechanisms?
... Again, we're the same as HTML
... Does this specification allow an origin access to a user’s
location?
... Definitely a no
... Does this specification allow an origin access to sensors
on a user’s device?
... no
... Does this specification allow an origin access to aspects
of a user’s local computing environment?
... Again here, I said yes via language preference
AmeliaBR: Could also say something about other required features switches and video/audio codec support
nikos: Does this specification
allow an origin access to other devices?
... No
... Does this specification allow an origin some measure of
control over a user agent’s native UI?
... no
... Does this specification expose temporary identifiers to the
web?
... no
... Does this specification distinguish between behavior in
first-party and third-party contexts?
AmeliaBR: wasn't sure about this
one. We do talk about different behaviours in a reference
document compared to an original document
... some of that is linked to CORS, but not sure if that's what
they mean
shepazu: Think we should say that we allow more restricted uses of the thing and link to the chapter
nikos: I don't think this is what that's about but we should say it
AmeliaBR: we do discuss anonymous
vs credentials mode for CORS
... think that's a little relevant
... as Doug said, mention that there's a distinction and let
them come back with questions if there's concerns
nikos: How should this
specification work in the context of a user agent’s "incognito"
mode?
... I said no
shepazu: is that true even in the context of referencing modes?
AmeliaBR: only difference is the browser wouldn't supply cookies to the server. But rendering of SVg would be the same
nikos: Does this specification
persist data to a user’s local device?
... no
... Does this specification have a "Security Considerations"
and "Privacy Considerations" section?
... It does
https://svgwg.org/svg2-draft/single-page.html#mimereg-mime-registration
scribe: it was just copied from
SVG TIny 1.2
... may need updating
... Does this specification allow downgrading default security
characteristics?
... I wasn't sure about this one
AmeliaBR: talking about CORS,
domain matching, etc
... You can mention that we do use CORS features similarly to
HTML
... or based on the HTML spec
... and therefore it can be affected by sand boxing
... which may what they're talking about
nikos: I'll update it. Don't really want to put it in a spec, but will link to it from the Security considerations section
Tav: Are we meeting at Graphical Web?
nikos: It's very unclear whether i'll be able to go to graphical web
shepazu: Next opportunity is TPAC
nikos: I'll be at TPAC
AmeliaBR: I'm hoping you and Doug
can get feedback and work out with other members what will
happen next
... especially looking at the test suite creation
... other thing to talk about at TPAC - the HTML / web platform
group is still hoping we take responsibility for Canvas 2d
context
... that would be something to discuss wrt to SVG WG charter
which is due in Fall
nikos: In terms of meeting at the graphical web, I think we should cancel that one because the date isn't that far off and it's too hard to confirm whether I'll be able to go
This is scribe.perl Revision: 1.144 of Date: 2015/11/17 08:39:34 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: RRSAgent_Text_Format (score 1.00) Found Scribe: Nikos Inferring ScribeNick: nikos Found ScribeNick: nikos Present: nikos Tav shepazu stakagi AmeliaBR Agenda: https://lists.w3.org/Archives/Public/www-svg/2016Aug/0014.html Found Date: 11 Aug 2016 Guessing minutes URL: http://www.w3.org/2016/08/11-svg-minutes.html People with action items: nikos[End of scribe.perl diagnostic output]