To me these controls are not mutually exclusive, but rather a series of
controls that provide mitigations against slightly different threats.
1. Require the app host to have SSL?
2. Require the app to be static HTML/JS/CSS (and prevent loading of dynamic
code)?
3. Require the app to be hosted o
Comments in line below:
On Mar 21, 2012, at 6:05 PM, Ian Bicking wrote:
> On Wed, Mar 21, 2012 at 3:32 PM, Jim Straus wrote:
> As I've been reading, there are two divergent proposals for privileged app
> deployment. The primary concern is that the code that has been granted
> privileges is no
On 22/03/12 07:32 AM, Jim Straus wrote:
2) have the developer specify their code resources in a manifest/receipt and
have the manifest include a signature from the store (or at least a hash if
the whole manifest is signed) for each of those code resources.
One slight distinction there. Onc
On Wed, Mar 21, 2012 at 3:32 PM, Jim Straus wrote:
> As I've been reading, there are two divergent proposals for privileged app
> deployment. The primary concern is that the code that has been granted
> privileges is not changed so that malicious code can't get privileges. I
> think we want pro
As I've been reading, there are two divergent proposals for privileged app
deployment. The primary concern is that the code that has been granted
privileges is not changed so that malicious code can't get privileges. I think
we want protection for any privileges that are granted to an applicat
On Tue, 20 Mar 2012 23:21:54 +
lkcl luke wrote:
> good analysis of the alternative distributions. their analysis is
> shown here:
>
> https://wiki.archlinux.org/index.php/Package_signing#How_signing_is_implemented_in_other_distributions
I fired that page across earlier without such a good i
On Tue, 20 Mar 2012 22:08:01 +
lkcl luke wrote:
> please do instead consider
> this to be a funny joke, which i am sharing *with* you, rather than
> being one who is laughing *at* you. i trust that you understand that
> the difference is vital. one is a personal insult - tantamount to
> tec