Non-normative security and privacy section contains normative RFC 2119 keywords #40
Comments
|
I see, so you should not have those keywords in non-normative text at all? Most of the security section is just explanations of other normative requirements, as well as considerations that can't be formalized as requirements (such as "think about private browsing modes"). I don't think it makes sense to make this section normative. Instead, I will move that MUST NOT requirement (leaking info about installed apps) into a normative section, and rewrite the security section to be an explanation of those requirements, rather than a statement. There's a similar thing in a NOTE just under the share algorithm which will get the same treatment. |
It is now written as an explanation of requirements elsewhere in the spec. Closes w3c#40.
It is now written as an explanation of requirements elsewhere in the spec. Closes w3c#40.
Yeah, it's a bug to state normative requirements in non-normative text. If you're depending on RFC 2119 (either directly, or indirectly via Infra) then any occurrences of those words are to be interpreted as described there, so there's no getting around it. As you can see from my review of #44 there's a bit of an art to using other phrases (like "can" or "might") instead of these "reserved keywords". |
It seems like the section should just be marked normative
The text was updated successfully, but these errors were encountered: