Jonas Sicking schrieb:
I've written a new document which documents the OpenWebApps/B2G model in more detail: https://wiki.mozilla.org/Apps/SecurityDetails
I read through this and it looks good to me (taken my unease with packaged apps aside), even though I wonder if there's intended uses that the CSP of privileged apps prohibits (but I guess it's better to restrict more for now and see if any problems come up, relaxing in some cases later is easier than restricting later). Also, the signing and update models will be interesting pieces as well once we have them. :)
That said, I wonder if we'll have some way to allow developers to run an unpackaged privileged app in some form during development. We should enable some rapid development possibilities, i.e. directly editing a file, ideally on a desktop/laptop computer and immediately test the change on a B2G device (esp. as some of the APIs they might develop for are only available on that device). Developers shouldn't need to re-package, re-sign and update the package for every typo they made. OTOH, of course, we want to make sure a normal user cannot inadvertently get to running something with such a developer hack. Yes, I know, sounds like a can of worms, but that one was really opened when packaged apps were introduced. ;-)
Robert Kaiser _______________________________________________ dev-webapps mailing list [email protected] https://lists.mozilla.org/listinfo/dev-webapps
