On Thu, Sep 20, 2012 at 12:05 PM, C. Scott Ananian <[email protected]> wrote: > On Thu, Sep 20, 2012 at 1:17 AM, Fabrice Desre <[email protected]> wrote: >> Read https://wiki.mozilla.org/Apps/PackagingProposal for the rationale >> that lead us to use this packaged apps format. Trust us, this was not >> "gratuitous". > > From the cited document, "Serving Privileged Apps from the Web Won't Work": > > "The only way to really prevent this is to always use https to serve > the resources. However, this can be a non-trivial cost for the app > developer." > > wow. living in 1990 still, huh? > > The following paragraph (something about links to twitter) is pretty > incoherent. It should be replaced with a reference to the Web Intent > specification. > > I'd love to see a coherent argument, but this wiki doesn't really make > it. It serves up some strawmen and complains that some things are > harder that it would like. > > Here's a better proposal: you use a signed jar file (exactly, no > inventing new signature formats and other craziness) to contains a > bundle of files.
What makes you think that we're not using a signed jar format? I don't know exactly what the signature format looks like as I don't have enough crypto chops, but I'm pretty sure we're trying to make it as standard as possible. / Jonas _______________________________________________ dev-webapps mailing list [email protected] https://lists.mozilla.org/listinfo/dev-webapps
