The future of P3P? (or not another MNG, I hope)

Skip to first unread message

Mike Connor

Apr 21, 2004, 11:11:30 PM4/21/04
For some time now, dwitte, mvl, and myself have been discussing what
to do with the p3p extension. None of us use p3p, none of us want to
own/maintain the code. In numerous IRC discussions with other people
in the community, no one has expressed any real desire to keep using
it. Of course, in its default configuration, it does relatively little
other than pop up an icon in the taskbar for cookies being set and
flagged (which in either Classic or Modern is mostly unobstrusive and
therefore mostly useless as a notification mechanism). So the value
of the code is dubious to start, and unmaintained to boot. There's
also the question of whether its actually useful in protecting privacy
based solely on vendor honesty.

All that being said, I would like to drop p3p from the list of default
extensions, and leave it intact as a compile-time option, and perhaps
later as an XPI drop-in. While embeddors may want to continue to
include it, as a default option it doesn't really seem to make sense
to continue maintaining it. There isn't any need to cvs remove it,
though. As a test, we could drop this for 1.8a to get a better
overall response to how many users really need/want this and would
actually notice if it was gone (and how many would really be affected
seriously by this is yet another debate).

In terms of how this would affect users, Firefox no longer builds it,
and hasn't exposed UI for it in well over a year, with barely a peep
from the userbase. Near as I can tell, Opera doesn't support P3P

The current list of p3p bugs that don't have any ownership:

Thoughts/discussion/angry flames welcome, come one, come all!

Asa Dotzler

Apr 22, 2004, 1:07:07 AM4/22/04

It doesn't seem to be a terrible buglist (about half aren't what I'd
even consider "bugs") but I'm generally in agreement that the
combination of the lack of ownership and the lack of community interest
(which determines if the component is getting tested, even on an ad-hoc
basis) make for a compelling case for disabling the feature.

I'd certainly support anything that moves us towards a simpler, more
intuitive cookie interface. I'm also supportive of moving un-owned and
under-tested features out of the default configuration where that's
easily done. With features that are already segregated by build-time
flags, it certainly makes it a lot easier :-)


Daniel Glazman

Apr 23, 2004, 10:38:44 AM4/23/04
Mike Connor wrote:

> All that being said, I would like to drop p3p from the list of default
> extensions, and leave it intact as a compile-time option, and perhaps
> later as an XPI drop-in.

Yep. Makes total sense imho.



Apr 24, 2004, 12:39:36 AM4/24/04
We had some pressure to implement p3p on our
Internet banking website but it looks like we are getting
less than 10 hits per month on the p3p file.

I think the question of privacy is very important
but it looks like p3p is a bust.

Axel Hecht

Apr 24, 2004, 4:56:53 AM4/24/04
Daniel Glazman wrote:

IMHO, either decide to drop it (and cvs remove it) or keep it visible.
Hiding it will just bitrot the code even more and is just asking for
more grief later.



Apr 24, 2004, 4:45:04 PM4/24/04

there's no need to CVS remove this yet. If it does actually bitrot,
we'll deal with it at that time.

Apr 24, 2004, 6:14:12 PM4/24/04
us...@domain.invalid wrote:

^^ me, oops

Asa Dotzler

Apr 29, 2004, 3:43:50 PM4/29/04

It may also be the case that others who are doing Mozilla-based products
or distributions are interested in building with this (if it hasn't
rotted completely) so I'd say let's not remove it unless/until it does
fall apart.


Reply all
Reply to author
0 new messages