https://bugzilla.mozilla.org/show_bug.cgi?id=707625
after seeing in the page https://wiki.mozilla.org/B2G_App_Security_Model that the scope of the security model discussion is *specifically* restricted to "apps" i am rather concerned and alarm bells are ringing, so i raised the above bugreport. in the process of raising that bugreport, i had to of course select a component. the list of components showed this: "Boot2Gecko is Mozilla's complete operating system built on web standards" in case the critical words haven't sunk in, i'll highlight them: "Boot2Gecko is Mozilla's >>complete operating system<< built on web standards" as an "outsider" with a great deal of experience in different embedded linux operating systems, mobile phone technology, web technology, and SE/Linux, i'm seeing the discussion here as being primarily focussed around "that which the mozilla team members know best" - web technology *only*, and it's of some concern. so although the goal is "create a complete operating system", that goal cannot be taken seriously unless the security model takes into consideration the *entire* operating system. if you don't have the people in-house on the B2G team with the experience to tackle this, then you need to bring people in who *do* have the experience and the expertise. l. _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security
