w3c · Dp-Goog · Dec 8, 2025 · Dec 10, 2025 · Dec 11, 2025 · Dec 16, 2025
diff --git a/index.html b/index.html
@@ -1793,46 +1793,60 @@ <h3>
             </li>
           </ol>
           <p>
-            [=Security-sensitive members=] SHOULD be displayed in a
-            bidirectionally isolated way as described in [[UTS55]], regardless
-            of their direction.
-          </p>
-          <p data-cite="permissions">
-            User agents SHOULD NOT automatically apply changes to
-            [=security-sensitive members=] without [=express permission=] from
-            the user.
-          </p>
-          <p>
-            Instead, user agents SHOULD present changes to [=security-sensitive
-            members=] with appropriate management options, so the user can make
-            an informed decision about updating the web application.
+            All other members of the manifest are considered as a
+            <dfn>non security-sensitive member</dfn>.
           </p>
           <p>
-            The user agent MAY automatically apply the changes if the update
-            does not contain changes to [=security-sensitive members=].
+            A <dfn>security-sensitive update</dfn> is a significant change in one of the
+            [=security-sensitive members=], determined by the user agent. Respectively,
+            an update to a [=non security-sensitive member=] is a
+            <dfn>non security-sensitive update</dfn>.
           </p>
           <p>
-            If a user changes localization settings, the user agent MAY
-            automatically adjust the [=security-sensitive members=] visible on
-            launch surfaces to their localized representations specified in the
-            [=manifest/`*_localized`=] members. These changes SHOULD be
-            presented to users the next time they open the web application.
+            When considering a [=security-sensitive update=] for a [=manifest image resource=], 
+            the user agent SHOULD consider a [=manifest image resource=] updated
+            if the {{ImageResource/src}} member has changed. If the
+            {{ImageResource/src}} has not changed, the user agent MAY download the
+            image and check for visual differences in some cases. Finally, the user agent
+            MAY change a [=security-sensitive update=] in a [=manifest image resource=] to a
+            [=non security-sensitive update=] if the images are not significantly
+            visually different.
           </p>
-          <aside class="note" title=
-          "A user agent will not apply a partial update">
+          <aside class="note" title="Icon metadata changes">
             <p>
-              When the update contains changes both to [=security-sensitive
-              members=] and other members, a user agent won't automatically
-              partially update. For example, the user agent could present
-              options to the user:
+              The way a [=manifest image resource=] is parsed for updates is similar
+              to the `Cache-Control:immutable` behavior outlined in [[RFC8246]].
             </p>
+          </aside>
+          <p>
+            The user agent SHOULD apply all [=non security-sensitive updates=]
+            immediately.
+          </p>
+          <p data-cite="permissions">
+            The user agent SHOULD present all [=security-sensitive updates=]
+            to the user and require [=express permission=] before applying the
+            changes. The user should be given the option to either:
             <ol>
               <li>Accept the update
               </li>
               <li>Uninstall the web app
               </li>
+              <li>Ignore the update
+              </li>
             </ol>
-          </aside>
+          </p>
+          <p>
+            [=Security-sensitive members=] SHOULD be displayed in a
+            bidirectionally isolated way as described in [[UTS55]], regardless
+            of their direction.
+          </p>
+          <p>
+            If a user changes localization settings, the user agent MAY
+            automatically adjust the [=security-sensitive members=] visible on
+            launch surfaces to their localized representations specified in the
+            [=manifest/`*_localized`=] members. These changes SHOULD be
+            presented to users the next time they open the web application.
+          </p>
         </section>
       </section>
     </section>