- Where: zoom.us
- When: May 11th, 4pm-5pm UTC (May 11th, 9am-10am Pacific Time)
- Location: link on calendar invite
None required if you've attended before. Send an email to the acting WebAssembly CG chair to sign up if it's your first time. The meeting is open to CG members only.
The meeting will be on a zoom.us video conference. Installation is required, see the calendar invite.
- Opening, welcome and roll call
- Opening of the meeting
- Introduction of attendees
- Find volunteers for note taking (acting chair to volunteer)
- Adoption of the agenda
- Proposals and discussions
- Review of action items from prior meeting.
- Present and discuss Interval Primitives (Kloud Koder)[40 mins]
- Present and discuss Multiprecision Primitives (Kloud Koder)[10 mins]
- Present, discuss and poll Wasm CSP recommendation to WebAppSec WG (Francis McCabe)[10 mins]
- Closure
- Thomas Trankler
- Derek Schuff
- Francis McCabe
- Ben Titzer
- Chris Fallin
- Paul Dworzanski
- Luke Imhoff
- Arun Purushan
- Lars Hansen
- Alex Crichton
- Dan Gohman
- Rick Battagline
- Mingqiu Sun
- Alon Zakai
- Paolo Severini
- Keith Miller
- Sam Clegg
- Zalim Bashorov
- Jacob Abraham
- Daniel Miller
- Yury Delendik
- Jakob Kummerow
- RYan Hunt
- Daniel Wirtz
- Deepti Gandluri
- Thomas Lively
- Nick Fitzgerald
- Jlbirch
- Manos Koukoutos
- Sabine
- Flaki
- Emanuel Ziegler
- Rich Winterton
- Ross Tate
- Slava Kuzmich
- David Piepgrass
- Heejin Ahn
- Petr Penzin
- Garret Gu
- Present and discuss Interval Primitives (Kloud Koder)[40 mins]
- Present and discuss Multiprecision Primitives (Kloud Koder)[10 mins]
These presentations were postponed to a future meeting due to technical issues.
Present, discuss and poll Wasm CSP recommendation to WebAppSec WG (Francis McCabe)[10 mins]
DS: the previously-agreed thing, is that the same but with a different name?
FM: yes. I prefer the one without unsafe-eval
DG: I’m curious to hear from the other vendors?
LH: I don’t think we have any concerns about the proposal as written
KM: I agree with Lars, I think we want to have this capability
FM: In the absence of a formal vote, I’ll propose we rename this wasm-unsafe-eval and propose to web-app-sec on May 18, a week from today.
Naming?
DP: I for one prefer wasm-eval
FM: I do too; but I also don't want to delay this for the ultimate bikeshed
RT: “Unsafe” seems like bad branding?
FM: W3C TAG design principles #104 document recommends prefixing particularly dangerous operations with “unsafe”. Maybe JS itself should be marked unsafe, by the same logic.
ZB: Replace “eval” with “exec”?
RT: or "compile" - it seems the unsafe aspect is that the code can by dynamically determined
BT: Many long conversations with web platform people about the “wasm-unsafe-eval” vs “Wasm-eval” We settled here to make progress.
Connotations from JavaScript unfortunately carried over. Probably not worth bike shedding, thus here we are