On Mon, 19 Mar 2012 12:31:05 +0000 Ben Francis wrote: > A user granting permissions > expresses trust in the people hosting a web site/app, not the code itself.
No, it can be and is both or either. Take android. Some apps I trust the author and hope he's responsible with his signing infrastructure especially for timely updates, like firefox. Other's I build from source and sign myself. Very few websites that I visit, do I actually trust. _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security