On Wed, 21 Mar 2012 01:01:55 +1100 ianG wrote: > If each site does their own code-review, then they lose. That's because > I can run a site that downloads off that site, and then pass on the > benefit of the code-review. I leach off of the costs incurred off the > primary site, and I can spend my resources on marketing not code review.
Ahh, but a site, be it community powered or commercially powered can make sure all of it's apps or a section of it's apps are audited and sign those already signed by the author apps with an appropriately name say email address tag (aka gpg) trus...@safeapps.net. This may help to make it the goto place. Your right though there's little to stop another company using safeapps.nets work to get another only signed by author copy and sign it with supertrus...@safeapp.net. I'm not saying it will take-off but it might especially for community powered apps and it would be good if the facility was atleast there to be used as this kind of thing is what the mobile app world really needs, rather than Apples false sense of security and preferential treatment. I think you would be surprised by the potential boost it could give B2G as it was expected the more Linux like Meemo would get. I'll try not to bring Nokias elop up, but what a terribly dumb thing. _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security