I look forward to being proven wrong. Appcache integration and leveraging SSL and jar infrastructure would certainly be a win. --scott On Sep 20, 2012 9:23 PM, "Jonas Sicking" <[email protected]> wrote:
> On Thu, Sep 20, 2012 at 12:05 PM, C. Scott Ananian <[email protected]> > wrote: > > On Thu, Sep 20, 2012 at 1:17 AM, Fabrice Desre <[email protected]> > wrote: > >> Read https://wiki.mozilla.org/Apps/PackagingProposal for the rationale > >> that lead us to use this packaged apps format. Trust us, this was not > >> "gratuitous". > > > > From the cited document, "Serving Privileged Apps from the Web Won't > Work": > > > > "The only way to really prevent this is to always use https to serve > > the resources. However, this can be a non-trivial cost for the app > > developer." > > > > wow. living in 1990 still, huh? > > > > The following paragraph (something about links to twitter) is pretty > > incoherent. It should be replaced with a reference to the Web Intent > > specification. > > > > I'd love to see a coherent argument, but this wiki doesn't really make > > it. It serves up some strawmen and complains that some things are > > harder that it would like. > > > > Here's a better proposal: you use a signed jar file (exactly, no > > inventing new signature formats and other craziness) to contains a > > bundle of files. > > What makes you think that we're not using a signed jar format? I don't > know exactly what the signature format looks like as I don't have > enough crypto chops, but I'm pretty sure we're trying to make it as > standard as possible. > > / Jonas > _______________________________________________ dev-webapps mailing list [email protected] https://lists.mozilla.org/listinfo/dev-webapps
