What section 7 does not say is "HTTPS access will NOT attempt to deliver
unsecured content". I get really annoyed by sites that are lazy and refer to
random images that are outside the security scope. Mixed content should be
explicitly forbidden in this SOW.
Tony
-----Original Message-----
From: ietf [mailto:ietf-bounces(_at_)ietf(_dot_)org] On Behalf Of Joe
Hildebrand
Sent: Monday, June 20, 2016 11:53 AM
To: Randal Atkinson
Cc: ietf(_at_)ietf(_dot_)org
Subject: Re: www.ietf.org Revamp Update
On Jun 18, 2016, at 2:47 PM, Randal Atkinson
<rja(_dot_)lists(_at_)gmail(_dot_)com> wrote:
Jari,
While the idea of a web site update is fine, the information supplied
about the new website at the URL in the note posted recently was —
oddly — missing what might be the most important pieces of information
for an IETF web site:
- Will the new web site be fully compliant with applicable IETF and
W3C standards ?
- If yes, will this include, for example, HTML5 compliance ?
- If yes, how is standards compliance being verified ?
IMHO, we ought not be deploying an IETF web site that is not fully
compliant with appropriate Internet standards, whether our own
standards or W3C’s standards.
In specific, I believe IETF ought NOT be deploying a website with
proprietary stuff.
As the project manager for the website revamp:
As Section 7 in the Scope of Work linked from the update blog post
(https://iaoc.ietf.org/documents/IETF-Website-SOW-20140604-Final.pdf)
indicates, the new website must be built with HTML5 and other open web
standards. We will be verifying this before accepting delivery from the
vendor.
Also, we've been careful to tell them that the site has to work (although
perhaps without as many bells and whistles) if JavaScript is disabled in your
browser.
Finally, if the community finds places that we've missed for some reason,
we will accept bug reports, as usual.
--
Joe Hildebrand