On 22/03/12 07:32 AM, Jim Straus wrote:
  2) have the developer specify their code resources in a manifest/receipt and 
have the manifest include a signature from the store  (or at least a hash if 
the whole manifest is signed) for each of those code resources.

One slight distinction there. Once the developer has settled on the manifest, as the description and link to the app, then this can be signed or commented on *by multiple agents* not only the shop.

So, if you release your happy humphries app, I can sign it with my review key saying it was cool. Luke can sign it with his coder's key saying it was safe. A shop can sign it saying it was IP-sound. etc etc.

What and how these comments/signatures/claims are delivered is a wider application question. The point is that these claims are now distributed and robust to all the normal single points of failure that bedevil Apple store and Google store and so forth.

I don't know whether this makes a separate design under your 1,2 above.

One question: has it been decided that dynamic delivery of code is a requirement as such? If it is, more thinking to be done. (by all, I suspect :) )

iang
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
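
The multi-agent signing described in this message, sketched as an added example (not code from the thread or from any Mozilla project): each agent signs its own claim bound to the digest of the developer's manifest, and a verifier accepts only claims from keys it trusts. The JSON layout, Ed25519, the function names and the sample app, agents and keys are all assumptions made for illustration.

```javascript
const crypto = require('crypto');
const sha256 = (d) => crypto.createHash('sha256').update(d).digest('hex');

// Developer's manifest: one hash per code resource.
function buildManifest(name, files) {
  const resources = {};
  for (const p of Object.keys(files).sort()) resources[p] = sha256(files[p]);
  return JSON.stringify({ name, resources });
}

// An agent signs its own claim, bound to the manifest digest (Ed25519).
function attest(signer, claim, manifest, privateKey) {
  const statement = JSON.stringify({ signer, claim, manifest: sha256(manifest) });
  const sig = crypto.sign(null, Buffer.from(statement), privateKey).toString('base64');
  return { statement, sig };
}

// Claims that verify for this manifest under keys the verifier chose to trust.
// trustedKeys is a Map of signer name -> public key.
function validClaims(manifest, attestations, trustedKeys) {
  const digest = sha256(manifest), out = [];
  for (const a of attestations) {
    try {
      const s = JSON.parse(a.statement), key = trustedKeys.get(s.signer);
      if (key && s.manifest === digest &&
          crypto.verify(null, Buffer.from(a.statement), key, Buffer.from(a.sig, 'base64')))
        out.push(`${s.signer}:${s.claim}`);
    } catch { /* malformed attestation: ignore it */ }
  }
  return out;
}

// Constructed sample data: app contents, agent names and keys are made up.
function demo() {
  const files = { 'index.html': '<script src="app.js"></script>', 'app.js': 'start();' };
  const manifest = buildManifest('happy-humphries', files);
  const trusted = new Map(), atts = [];
  for (const [who, claim] of [['reviewer', 'cool'], ['coder', 'safe'], ['shop', 'ip-sound']]) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
    if (who !== 'shop') trusted.set(who, publicKey); // this verifier does not rely on the shop
    atts.push(attest(who, claim, manifest, privateKey));
  }
  const changed = buildManifest('happy-humphries', { ...files, 'app.js': 'start(); extra();' });
  return {
    claims: validClaims(manifest, atts, trusted),     // reviewer and coder still count
    afterChange: validClaims(changed, atts, trusted), // old claims do not carry over
  };
}
```

Because every claim names the manifest digest, changing any code resource produces a new manifest that none of the earlier signatures cover.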
