El viernes, 30 de enero de 2015, 20:22:15 (UTC+1), Benjamin Francis escribió: > On 30 January 2015 at 19:10, Andrew Overholt <[email protected]> wrote: > > > I would think we'd always want something required for certification to be > packaged or built-in or something. > > > > Before Gaia apps were packaged apps we used to pre-populate an appcache when > generating a profile to flash to the device. We could do the same thing with > a Service Worker cache, maybe even sign the cache [1]. Or we could use a > package, but use a pre-cached copy of a signed hosted package [2] which has a > real URL and can be updated without updating the whole OS. > > 1. https://groups.google.com/forum/#!topic/mozilla.dev.webapi/PicfHG9Figk > 2. https://bugzilla.mozilla.org/show_bug.cgi?id=1036275
I think for issues that require certification, the key thing is allowing them to be updated separately or in a more controlled way. I am thinking in apps or parts of the system that affect regulated features (e.g. Dialer and Emergency Calls, Notification System and Cell Broadcast...) or features that if broken might lead to network/user issues with the carrier (Connectivity and SMS...). For these parts of the system, I think being hosted/packaged is not important if we provide: - A way to ensure the regulatory requirements are fulfiled in every situation (e.g. Emergency Call can be done even when no data connection is available) - Provide a way to test/verify the changes by carrier/OEM/regulator before making them available to end-users. What I see as the more difficult part to achieve a fully hosted device is that many of the APIs are currently certified APIs, and I am not sure how far are we from having a Security Framework that allow hosted content access this kind of APIs (e.g. Telephony or Messaging APIs). Beyond that, I think everything else could be updated separately and without any strict certification/IOT testing (e.g. Gallery, Music Player, E-mail, Calendar...). We are working in a detailed analysis about which features could be in each of these two buckets from our point of view and based on the testing that is currently done. We'll share it publicly as soon as it's ready. _______________________________________________ dev-b2g mailing list [email protected] https://lists.mozilla.org/listinfo/dev-b2g
