Re: [b2g] Permissions model thoughts

2012-03-09 Thread lkcl luke
On Sat, Mar 10, 2012 at 4:44 AM, Jonas Sicking wrote: > However if you instead make the dialog say "This website is trying to > get your current location. What do you want to do?" with two buttons > that say "Give my location to website" and "Deny access", then you > have a better chance of getti

Re: OpenWebApps/B2G Security model

2012-03-09 Thread Jonas Sicking
On Fri, Mar 9, 2012 at 8:16 PM, Jonas Sicking wrote: > User control: > > I think it's very important in all this that we put the user in > ultimate control. I don't think we want to rely on the user to make > security decisions for all APIs, however I think it's important that > we enable users to

Re: [b2g] Permissions model thoughts

2012-03-09 Thread Jonas Sicking
2012/3/8 Jim Straus : > Hello Adrienne - >  Thanks for the good thoughts.  I think we all 100% agree that installation > time is the wrong time to ask.  I'm wondering about your thoughts on asking > for all permissions at the same time (in a list, with the option to > selectively allow different

Re: OpenWebApps/B2G Security model

2012-03-09 Thread Jonas Sicking
On Thu, Mar 8, 2012 at 2:25 AM, Jonas Sicking wrote: > Hi All, > > I'm way overdue to write a proposal for the Open Web Apps and > Boot-to-Gecko security models. > > Background: > > In general our aim should always be to design any API such that we can > expose it to as broad a set of web pages/

Re: [b2g] OpenWebApps/B2G Security model

2012-03-09 Thread Jonas Sicking
On Thu, Mar 8, 2012 at 1:48 PM, ptheriault wrote: > Jonas, > > Thanks for taking the time to document your thoughts. I also caught up with > Chris Jones from B2G yesterday to go security, and we discussed app > permissions as well. I have written up a couple pages of notes, but I'd like > to a key

Re: [b2g] OpenWebApps/B2G Security model

2012-03-09 Thread Kevin Chadwick
On Sat, 10 Mar 2012 00:33:36 + lkcl luke wrote: > in the case of the debian distribution, that's encoded into the > /etc/apt/sources.list file. if users edit that file and start adding > e.g. "deb http://debian-multimedia.org" If you're looking at distro package signing. archlinux.org has ju

Re: [b2g] OpenWebApps/B2G Security model

2012-03-09 Thread lkcl luke
On Thu, Mar 8, 2012 at 9:48 PM, ptheriault wrote: > Chris brought up the issue of regulatory controls for functions like the > dialer. (e.g. phones always need to be able to make emergency calls). the experience of the OpenMoko project i believe is relevant here. their infrastructure was so to

Re: [b2g] OpenWebApps/B2G Security model

2012-03-09 Thread lkcl luke
> On Mar 9, 2012, at 3:31 AM, Lucas Adamski wrote: > Also how will a user know which stores to trust? [apologies to the dev-security list, the reply i wrote went to the original recipients, i hadn't noted the addition of dev-security as it was later in the thread. you can see a copy of what i

Re: [b2g] OpenWebApps/B2G Security model

2012-03-09 Thread Jonas Sicking
On Thu, Mar 8, 2012 at 8:31 AM, Lucas Adamski wrote: > Hi Jonas, > > Thank you for sending this out!  I really like the model overall. > > With sensitive APIs, even if a 3rd party vouches for the capabilities of the > app, I believe we would still want to communicate that to the user somehow at >

Re: Opt-in activation for plugins (aka click to play)

2012-03-09 Thread Ian Melven
- Original Message - From: "Lucas Adamski" To: "Asa Dotzler" Cc: "Jared Wein" , "Kev Needham" , "security-group group" , "Madhava Enros" , "Stephen Horlander" , "Justin Dolske" , mozilla-dev-secur...@lists.mozilla.org Sent: Thursday, March 8, 2012 1:02:24 AM Subject: Re: Opt-in activat