> Another problem, which isn't packaging specific but that is still
> important, is how do we give a browsed-to app additional permissions
> over what webpages have. Currently permissions are created by the
> installation code, but that won't work for browsed-to privileged apps.
> But by seeing that the user has browsed to a package which is flagged
> with "this is a privileged app", we can run the extra steps of
> verifying signatures and loading the application manifest inside the
> package and grant the appropriate permissions requested there while
> the user is using the app.

Maybe this is a stupid idea but: should we make it part of the standard that packages be nestable?

I.e. I could have foo.package which contained an app, but also contained bar.package which was a set of subresources, perhaps those that needed certain permissions. So the user could load and start using foo.app, and we could check the signature on bar.app in the background but only when a resource in it was referenced and loaded would there be permissions-related UI.

http://server.com/url/to/foo.webpackage!//subapps/bar.webpackage!//index.html

Outer and inner apps would share the same origin and be able to reference one another's files.

Gerv

_______________________________________________
dev-b2g mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-b2g
