Es4-discuss Digest, Vol 8, Issue 44

Ric Johnson Cedric at OpenDomain.Org
Tue Oct 30 17:30:26 PDT 2007 

Douglas,

Thank you! I asked for a clear message, and you gave me one!

Don't we need the global object to be compatible?

Can you point to a suggestion of what use mere mortals may do to
influence the proposals? (Other than this on this list)

We may all agree that 'bloat' is bad.  We might not all say that ES4 is
bloated.  Do you want to use EcmaScript.Net as a place for your counter
proposal (yet another OpenDomain - when I am passionate about an idea, I
go all the way)

Politics is the art of compromise:  let us DIFF your proposal with ES4
and negotiate adding at least half the new features.  Can you agree to
that?  Will Microsoft put up a bond they will deliver the same on a
fixed date?  What would be in that pool of features you WOULD accept? 
What would be the features Mozilla would accept dropping?

Thank you for your reply, but I see we missed one important question: Can
you please make a statement to the effect that, to your knowledge Yahoo
and Microsoft do not have a 'deal' to impede Javascript2 based on
financial terms?

Thanks again
Ric
On 10/31/2007, "Douglas Crockford" <douglas at crockford.com> wrote:

>> Brenden is also correct:  If the working group voted and
>> the current
>> proposal won - it is better to have a stronger, more secure
>> language.
>> Sure they can argue it is bloated, but SO WHAT?
>
>The proposal is not a more secure language. It does nothing to address ECMAScript's biggest  design flaw: the insecurity caused its dependence on a global object. XSS attacks are a direct consequence of this flaw. By making the language more complex, this problem becomes even harder to reason about and fix.
>
>I have been bringing this up since my first day in the working group. This is not a concern that is being sprung at the last minute.
>
>The working group hasn't voted. The proposal has not won. We have agreed to disagree, developing two competing proposals in the same working group. I am pursuing with Microsoft a counter proposal for a simpler, reliable remedy to real problems. My position isn't that JavaScript doesn't need fixing. I think we need to be more selective in how we fix it. Bloat, in my view, is not good design.
>_______________________________________________
>Es4-discuss mailing list
>Es4-discuss at mozilla.org
>https://mail.mozilla.org/listinfo/es4-discuss

More information about the Es4-discuss mailing list