On 26 Mar 2012, at 18:57, lkcl luke wrote: > On Fri, Mar 23, 2012 at 10:12 AM, Scott Wilson > <[email protected]> wrote: >> See: http://www.w3.org/TR/widgets-digsig/ > > well now, scott - that is veeery interesting, and incredibly useful, > because it is *exactly* the same thing - bar the file-formats - that > all the top GNU/Linux Distributions do. > > thank you very much for this: i'll add it to the wiki in the section on > https://wiki.mozilla.org/Apps/Security#Secure_Application_Distribution
np :) > > btw do you happen to know of any actual implementations (especially > free software ones)? There is a GSoC project to implement it in Apache Wookie, which already has student interest, so I'm sure we'll have an open source implementation by the end of Summer :) On the commercial side, its been implemented by Opera, Nokia, Vodafone, Samsung, Obigo, RIM and a bunch of web TV platforms as its part of a lot of other spec stacks in the mobile and TV space such as WAC, MPEG-U, HbbTV, CMX (etc). There have been some packaging and signing tools supporting the specs issued as part of SDKs, e.g. the Vodafone widget packager and the WAC SDK (I think Samsung/Limo wrote that one). I think the Blackberry webapps signing tools also uses widgets-digsig as Blackberry Widgets are W3C Widgets - I seem to remember RIM open-sourcing most of their Widgets code last year so that may be another lead. > > l. _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
