Recommendation to frequently update reading system engines

[iherman]

This came up at the discussion with @GJFR at the EPUB meeting: is it worth adding a recommendation in the spec whereby reading system vendors should update their distributed devices and apps regularly, to keep up with the security refresh cycles of their core web engines?

@wareid @bduga

[iherman]

The issue was discussed in a meeting on 2022-06-09

List of resolutions:

• Resolution No. 2: Close issue 2323 as won't fix.

View the transcript

2. Recommendation to frequently update reading system engines.

See github issue epub-specs#2323.

Dave Cramer: recommend RS should update their distributed devices and apps regularly.
… not sure if this will change behaviour of RS vendors.

Wendy Reid: i like the spirit of this recommendations, but it doesn't seem testable or enforceable. Also not sure if it will happen, as updating these things is more fraught than necessary.

Brady Duga: it might be out of your control. Google has a browser based version, so if user updates their browser, then RS is updated. Android update will update the browser..
… Google can't make Apple update embedded hardware.
… recommendation won't change that.

Matt Garrish: this is kind of like a recommendation that RS vendor who abandon support should pull their app from circulation.

Ben Schroeter: similarly, we could also recommend that users update their browsers too.

Dave Cramer: yeah, and HTML spec doesn't recommend that users update browser.

Wendy Reid: I think this came up specifically in reference to kindle software using old webkit, similarly difficult to update on old Linux devices.

Dave Cramer: I think there are RS where even if they wanted to update some components it is not possible, codebase is too old, original devs are gone.

Brady Duga: I know people who update webview and it's really really hard to do it without breaking things.

Dave Cramer: another factor is that you have the ability to mitigate some of these issues in different ways.
… given that these are complicated systems, its not just the rendering engine that controls user experience.
… not seeing a lot of appetite for this.

Proposed resolution: Close issue 2323 as won't fix. (Wendy Reid)

Dave Cramer: +1.

Ben Schroeter: +1.

Wendy Reid: +1.

Matthew Chan: +1.

Matt Garrish: +1.

Toshiaki Koike: +1.

Shinya Takami (高見真也): +1.

Masakazu Kitahara: +1.

Brady Duga: +1.

Resolution #2: Close issue 2323 as won't fix.