On Wed, 28 May 2008 11:10:56 +0200, Thomas Roessler <[EMAIL PROTECTED]> wrote:
2. Point to an XML file written in our custom XML format (described
below).
I'd drop that.
While more complicated, it buys a number of freedoms:
1. In the case that any security-related settings for the widget changes,
they can be reviewed automatically, or optionally manually by the user,
and download of an updated resource can be prevented if the updated
version is not acceptable. This is particularily important on slow
connections, since some widgets run into the megabyte range
2. It is possible to sign the update XML document, and verify the file
prior to downloading. An example here would be if a signed update document
pointed to an alternate download mechanism, such as a torrent or other P2P
technology, the document could itself be signed, and contain checksums for
the actual file.
--
Arve Bersvendsen
Developer, Opera Software ASA, http://www.opera.com/
