Le 18/06/2014 20:28, Jonas Sicking a écrit :
It would be great if we could get rid of the need for signing. However
for now they solve very important problems for us. For some APIs they
are the only ways to secure what could be argued are legacy features,
like TCPSocket, UDPSocket and System XHR (I.e. raw HTTP). Ideally
everyone would move to using WebSocket, WebRTC and CORS, but we're
likely many years away from that.
I'm not sure I understand this paragraph. How is WebSocket easier to
secure than SystemXHR, for instance?
Second, having to juggle multiple files can be a big annoyance. Anyone
who has created a HTML slide deck knows how annoying it is to then
send that slide deck to someone. You are forced to either do inlining
hacks like the ones described above, or to zip all dependencies into a
single file and then ask the person you are sending the deck to to
unpack them. Compare this to sending a keynote or powerpoint file to
anyone who can then simply double-click the file to watch it.
+1. But this will require a form of OS cooperation that is hard to
achieve, no?
So the question is, how can we make sure that packages have all the
benefits that normal webpages have today. I propose that we do the
following:
1. Create a new package format.
Have the existing packaging formats been investigated? Chrome extensions
and apps have a package format ending in .crx (if only we knew some
people who work on Chrome apps :-p). Maybe it already fits?
Likewise for Mozilla Jetpack extensions (.cfx). They're another way to
package a bunch of resources together.
I think Tizen has its thing as well (based on the W3C Widget spec IIRC).
Not only will finding the proper solutions here take a while, a lot of
this stuff needs to be standardized which means that it'll take quite
some time before we can rely on cross-platform solutions.
Has discussion already been engaged with other browser vendors or
mobile-web-app-platform vendors?
David
_______________________________________________
dev-b2g mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-b2g
