Comment by dagmx

8 days ago

Why does it matter if Apple themselves don’t link the WebKit docs? It’s literally their project and seems to meet their requirements.

There’s a lot of things in the requirements like funding that Apple cannot verify. I think you’re being too binary in this.

Some of it is very clearly intended to be a “show us you are at least considering these security measures and have practices in place to minimize known issues”. Again, for the third time, it’s clearly NOT a list for ongoing perfect security, given that there are other items on the list that deal with further mitigation strategies.

4 comments

dagmx

Reply
bangaladore  8 days ago

> It’s literally their project and seems to meet their requirements.

This is meaningless. Apple can carve out special exceptions for themselves all day long.

  • dagmx  8 days ago

    What is the exception? I’m saying they meet the same requirements they are asking for other browsers.

    This is literally the question I started this thread with and you have gone in to a loop of saying “they can’t enforce this” without any response of substance.

    • bangaladore  7 days ago

      Your "substance" is "trust Apple will enforce something correctly where there isn't a correct answer". I don't agree with that. Apple has a history of interpreting things favorably for themselves and locking 3rd parties from doing the same things for wave hands reasons.

      If you are going to make guidelines, make them evaluable. These aren't. If you care about memory safety, either say use a memory safe language or point to an exact reference guide to use to allow XYZ language to satisfy it.

      1 reply →