On Thu, Aug 9, 2012 at 1:57 PM, Robert Kaiser <[email protected]> wrote: > Jonas Sicking schrieb: > >> I've written a new document which documents the OpenWebApps/B2G model >> in more detail: https://wiki.mozilla.org/Apps/SecurityDetails > > > I read through this and it looks good to me (taken my unease with packaged > apps aside), even though I wonder if there's intended uses that the CSP of > privileged apps prohibits (but I guess it's better to restrict more for now > and see if any problems come up, relaxing in some cases later is easier than > restricting later). Also, the signing and update models will be interesting > pieces as well once we have them. :) > > That said, I wonder if we'll have some way to allow developers to run an > unpackaged privileged app in some form during development. We should enable > some rapid development possibilities, i.e. directly editing a file, ideally > on a desktop/laptop computer and immediately test the change on a B2G device > (esp. as some of the APIs they might develop for are only available on that > device). Developers shouldn't need to re-package, re-sign and update the > package for every typo they made. > OTOH, of course, we want to make sure a normal user cannot inadvertently get > to running something with such a developer hack. > Yes, I know, sounds like a can of worms, but that one was really opened when > packaged apps were introduced. ;-)
We definitely need a better developer flow. Well, we need one at all :-) Once we have one defined I'll make sure to document it. / Jonas _______________________________________________ dev-webapps mailing list [email protected] https://lists.mozilla.org/listinfo/dev-webapps
