On Wed, 14 Mar 2012 17:09:00 -0700 (PDT) David Chan wrote: > The analogous idea in the B2G world would be that Mozilla, > telcos, company foo could all run their own stores. If a user doesn't like > the policies of the existing stores, they can start their own. However, > there wouldn't be a way for Mozilla to say, "I trust store bar" so I'm > going to give them the same privileges as me.
You can just sign their key with a trust level, see the following links. Are you going to be able to trust a whole store or just individual authors though? https://wiki.archlinux.org/index.php/Package_Signing_Proposal_for_Pacman https://wiki.archlinux.org/index.php/Package_signing _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
