> > The selfhost issue Jonas brought up doesn't seem to apply if the
> > packages are signed.
>
> self-host... selfhost... i'm lost. sorry. do you have a reference
> (wiki URL) which explains?
>

The scenario is more complicated than I remember.

> > I could host my own app and have it on the store at the same
> > time. There is still the question of granting permissions. I'm not
> > sure if the store is the proper entity to decide whether an app can
> > obtain permission X/Y/Z.
>
> *deep breath*.... :)
>
> the permissions need to be codified in some format (text file?) which
> is incorporated into the OS once they're downloaded, unpacked and
> installed.
>
> however because those permissions *are* just "a text file", they
> *can* be included.... as part of the GPG-signed package (by the
> developer) :)
>
> not only that, but prior to the FTP Masters letting it out the door,
> they can review the permissions file. if the permissions are
> ridiculously over-permissive, the FTP Masters really should not sign
> the package.
>
> meaning, it wouldn't get released. which, unfortunately, makes the
> people managing the store the equivalent of "apple". whoops. but,
> there you go. it seems to work for debian, but that's because they
> have 1,000 people with a ring-of-trust, and those 1,000 people are
> often *not* the developers of the package. they have some free time
> to give, and a reputation to maintain.
>
> ultimately, the _store_ doesn't decide... but a human does.
>
> l.
>
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security