[throw7]

My jotted down notes:

1. all major vendors (google, mozilla, webkit) want to remove xslt

2. chrome does not have resources to support xslt

3. removing/disabling xslt will be a slow methodical process. don't panic.

4. when opening a proposal change, a pull request of code changes is mandatory to show exact changes; it is not a "countdown to merge"(sic)

5. info that leaks to the public should include context or links to full context

6. removing xslt support in browsers is not good or bad, but "it depends"

[Springtime]

Some of the things that stood out to me about the news:

- The thread by the Chromium dev proposed what was originally a 1MB minified polyfill for the Javascript only XSLT calls that in just the last few days has grown to 3MB minified. XSLT was beneficial in the browser because it was native, while a 3MB polyfill is a rather big ask to suggest as a per-site replacement for anything meant to be snappy on slower connections.

- It seems from various mentions the catalysts for this to surface now were the sole maintainer for the XSLT library used in Chromium expressed having trouble maintaining it some months back and left it to a different sole maintainer, along with a recently disclosed vulnerability in that particular library. Firefox OTOH is said to use a different XSLT library.

- Chromium team routinely awards vulnerability discovery bounties in the tens to hundreds of thousands of dollars. Just the other week they awarded $250k to an author who discovered a tricky Chromium exploit. I'd be curious if they've funded development of the XSLT library they use in the past as it seems like they'd rather just be rid of it.

- Within days of posting the open question to the working group and a week prior to the PR of the spec removal a Chromium ticket by the author set milestones for XSLT removal in Chromium. It seems it's less a tentative proposal and more leading by example.

[dkiebd]

3. It will eventually be removed. Does it matter whether it will take three months or three years? Since I suppose none of the browser vendors will give developers money to change their xslt usage in codebases for something else.

5. Funny that we are talking about "info that leaks to the public" when we are discussing standards that may be important to billions of people, as if keeping things private was reasonable.

[magicalist]

> Funny that we are talking about "info that leaks to the public"

It's a poor choice of words by the GP. This was a public discussion, what would be private about it?

Rather it "leaked" from people with shared context to people without it. The point of the article is that since the discussion is public, there will be people that come across it without context, so it would be a good idea to include context in these kinds of discussions in the future:

> If a removal discussion is going to be held in public, then it should assume the general public will see it and provide enough context for the general public to understand the actual nature of the discussion.

[basscomm]

> Does it matter whether it will take three months or three years?

It does!

I run a small hobby site built with XML and XSLT because I'm not a great programmer, but XSLT is something I can actually wrap my head around and use without too much fuss. If support goes away I need to know how much time I have to rewrite/migrate my site to something else.

[goyagoji]

I find it bizarre. I think we obviously we want to be able to run pages from 2015 far in the future but certainly for a few more years.

As a browser maker, why would you even put this work in for cordinated processes instead of investing in a way to patch away your native code and do that continuously at a slow pace for every aging feature?

[meepmorp]

> Since I suppose none of the browser vendors will give developers money to change their xslt usage in codebases for something else.

Let's turn that around: are you willing to pay a browser vendor to keep supporting xslt so you can keep your codebase unchanged?

[sugarpimpdorsey]

> Does it matter whether it will take three months or three years?

Do you think it matters to the guy that said he has an entire factory with IoT machinery that uses XSLT?

Should they shut the factory down?

[lenkite]

I wish there was a way to fund XSLT feature in browsers. Chrome team should just open up a funding for features page.

[danaris]

How could #2 possibly be true without it being a deliberate choice on Google's part? They have staggering, absurd amounts of money. If they needed more resources allocated to Chrome, they could just do that.

[andybak]

This is addressed directly in the linked article. "Google" and "the Chrome team" are not the same entity.