On Mon, Feb 2, 2015 at 11:41 AM, Matěj Cepl <mc...@cepl.eu> wrote: > On Mon, Feb 02, 2015 at 07:56:44AM -0800, Fabrice Desré wrote: > >> What were their worries? Could you host your authenticator in you >> private network? >> > > Well, sorry, I thought it is obvious. THe worry was that the author of the > authenticator hosted on his website, can change the code underneath me and > use it for his nepharious purposes (like collect credentials to the Red Hat > internal network). Packaged app hosted on the Firefox Marketplace (or > perhaps downloaded and loaded from the local drive via adb/WebIDE) would be > less vulnerable against changes. > > Is it more clear now? >
Reminds me of this post from Christian Heilmann: http://christianheilmann.com/2014/12/08/the-next-ux-challenge-on-the-web-gaining-offline-trust/ Seems like improving trust in hosted web apps may require some kind of UX change. For example, ability to mark a particular page or app as being "offline only... ask before updating". Ben
_______________________________________________ dev-b2g mailing list dev-b2g@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-b2g