| 07:02 | <annevk> | Domenic: https://github.com/speced/bikeshed/issues/2270 might be of interest |
| 07:05 | <Domenic> | Yeah, I saw that. No strong opinion. |
| 07:42 | <annevk> | freddy: https://github.com/w3c/webappsec-csp/issues/243#issuecomment-2844102645 seems concerning, if strict-dynamic is still considered the best policy |
| 08:22 | <evilpie> | strict-dynamic is definitely far from the best policy. Maybe the easiest for some to get started. |
| 14:20 | <freddy> | Dunno if "best", it might just be that the success from Goog is specific to their org's shape rather than universally great 🤷 |
| 16:13 | <annevk> | freddy: I guess I'm trying to determine if we ended up in a situation where one part of Google cares about a particular shape of CSP and another part cares about module scripts, but never the two shall meet. |