Hi Gerv,
On Thu, 17 May 2012 15:40:59 +0100, Gervase Markham wrote:
> My understanding was that a principle of the "Mozilla way" of doing app
> stores is that we wanted a variety of stores - anyone can set one up,
> and stores would compete on ease of use, etc. We are not trying to set
> up a third monopoly store alongside the iTunes store and Google Play.
> For this to work, stores should be able to collect web apps and offer
> them to people.
>
> However, the manifest value "installs_allowed_from" seems to work in
> entirely the opposite way; how could a new player enter the app store
> space if none of the existing apps could be installed through their
> store?
That's correct, a new player would have to convince existing app authors
to list their store URL in installs_allowed_from, or he would be limited
to apps that don't use installs_allowed_from since it defaults to "*".
> Could the team explain the purpose of this value? What security concern
> prompted its inclusion in the manifest format?
I'm not part of the apps team, but I guess the purpose is to prevent
rogue stores to sell apps without the author consent. As fas as I can
tell, this is totally possible with apps that don't use
"installs_allowed_from" or list "*" in the values.
Fabrice
_______________________________________________
dev-webapps mailing list
dev-webapps@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-webapps
