On Aug 6, 2014 1:07 AM, "Tobie Langel" <tobie.lan...@gmail.com> wrote:
>
> On Aug 6, 2014, at 8:50, Jonas Sicking <jo...@sicking.cc> wrote:
>
> > On Tue, Aug 5, 2014 at 4:12 AM, Anne van Kesteren <ann...@annevk.nl> wrote:
> >> On Thu, Jun 26, 2014 at 2:17 PM, Anne van Kesteren <ann...@annevk.nl> wrote:
> >>> On Wed, Jun 18, 2014 at 8:28 PM, Jonas Sicking <jo...@sicking.cc> wrote:
> >>>> However if we can enable developers to sign their own applications,
> >>>> rather than having to have them signed by the marketplace, then that
> >>>> would still mean that developers could roll out updates as quickly as
> >>>> web developers do today. I.e. no need to wait for review from a
> >>>> marketplace.
> >>>
> >>> Could you elaborate on this? I thought part of the point of allowing
> >>> certain features to be used was that we could inspect the code and
> >>> make sure nothing malicious was going on. Do we actually secure things
> >>> in a different way?
> >>
> >> Still interested in this.
> >
> > *If* we enable developer signing, the idea would be that we somehow
> > verify that a developer is a "good guy", rather than doing the current
> > verification that the app is a "good app".
> >
> > This could be done by for example requiring the developer to sign some
> > form of contract, and make sure they know what the UX/privacy/other
> > requirements are for the various APIs, and make it clear that we'll
> > revoke access if those requirements aren't met.
> >
> > So very fluffy ideas. I'm always looking for better solutions if you
> > have ideas.
>
> Has only exposing a predefined and limited set of APIs at runtime been
> considered? This would allow developers to ship self-signed updates as
> long as they kept within the bounds of the API surface they initially
> defined. They could go beyond those bounds, of course, but APIs would
> just throw or noop. Changing these permissions would need extra
> approval by Mozilla (or other third parties trusted by the user) and
> end-users would be alerted to the new capability requirements of the
> app on update.

We would definitely do this. Any time we enable a developer to do
self-signing we would also include a list of APIs that they could get
access to.

The developer would always be able to enumerate a shorter list in its app
manifest, but if they wanted more than what Mozilla originally granted,
they would have to go to Mozilla and ask again.

/ Jonas
_______________________________________________
dev-b2g mailing list
dev-b2g@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-b2g
