On Tue, May 5, 2015 at 7:14 PM, Paul Theriault <[email protected]> wrote: > While I'm all for simplification, installation is a useful metaphor for > signalling user intent. Removing installation leaves us limited to prompts > only. Prompts are pretty limited in terms of a security mitigation and we > will have a hard time authorising access to the privileged APIs, especially > (but not only) those which are currently granted without user consent > (implicit permissions). And we are not talking at all here about > extensions/add-ons which afaik is a key part of ignite. I think there is a > still case for install, especially for "add-on" content. > > So I imagine something more like this: > > Content (linkable, no install required) > Web Content > Web Apps > Signed Web Apps (for APIs with prompt only) > > Add-ons (not linkable? installed via install step) > Signed Web Apps (apps that need access to more sensitive or implicit APIs, > or things we generate with customiser etc)
Yeah. Sorry. I simplified a bit too much. I do indeed think that we still need installations for things that change behavior of other content (be that gaia content or content from other websites). Navigating to a new keyboard makes as little sense as navigating to a greasemonkey script or navigating to an ad blocker addon. So I do indeed think that we need installations for addons. And that we should use addons for things like new keyboards and new homescreens. We should also enable creating addons which implement security policies, privacy policies network policies or even SMS/phone policies. I'll write more about addons separately. / Jonas _______________________________________________ dev-b2g mailing list [email protected] https://lists.mozilla.org/listinfo/dev-b2g
