Intent-to-Remove: Invalidate "amp-foo-latest.js" alias in AMP4EMAIL

[dreamofabear]

Summary

Invalidate "amp-foo-latest.js" in extension scripts for the AMP4EMAIL spec.

For example, remove this line for amp-list:

amphtml/extensions/amp-list/validator-amp-list.protoascii

Line 35 in 185d498

version: "latest"

Motivation

Requiring explicit version numbers in extension scripts allows the AMP4EMAIL validator spec to control when to allow new extension versions.

For example, version 0.1 of extension amp-list is currently allowed in AMP4EMAIL. If/when 0.2 launches, it ought to undergo additional review to ensure it upholds the additional security/privacy invariants for email.

However, amp-list-latest is also currently allowed in AMP4EMAIL. So 0.2 may be inadvertently enabled in AMP4EMAIL without additional review.

This can be solved by disallowing amp-list-latest in the AMP4EMAIL validator spec.

Impact on existing users

Existing emails that use "latest" extension aliases will become invalid.

Alternative implementation suggestion for developers using AMP

Use specific version numbers in extension scripts instead. For example:

<!-- Don't use "latest" alias. -->
<script async custom-template="amp-mustache" 
  src="https://cdn.ampproject.org/v0/amp-mustache-latest.js"></script>

<!-- Use a hard-coded version number. -->
<script async custom-template="amp-mustache" 
  src="https://cdn.ampproject.org/v0/amp-mustache-0.2.js"></script>

/cc @ampproject/wg-amp4email

[dreamofabear]

/cc @honeybadgerdontcare