Rob Hudson wrote:
> Brian Smith wrote:
> > #2 is important so that nobody can trick the web server into asking
> > the user to replace one app with another (unrelated) app that the
> > marketplace has signed.
>
> The way the "v1" blocklisting was spec'd, this is required to
> blocklist apps.

Let's say the app is "Chess" and that the marketplace generates a UUID for the
app of 702e8e70-81a1-4eed-8d81-dc4c84ac2cfd. Then, the first version of the app
released in the marketplace would be:
(702e8e70-81a1-4eed-8d81-dc4c84ac2cfd, 1)
Then, let's say we blocklist "Chess." Then we'd update the mini-manifest to
point to a new version of the app package that contains the contents of the
"this app is blocklisted" app, using the same UUID and a higher version:
(702e8e70-81a1-4eed-8d81-dc4c84ac2cfd, 2).
Then, let's say "Chess" is updated and we un-blacklist it. Then, the new
mini-manifest would point to the new version of the app package that would have
the same UUID and a higher version number:
(702e8e70-81a1-4eed-8d81-dc4c84ac2cfd, 3).
Now, let's say that the maker of "Chess" renames it to "Chess with Imaginary
Friends". Then, the renamed app "Chess with Imaginary Friends" would be:
(702e8e70-81a1-4eed-8d81-dc4c84ac2cfd, 4).
Now, let's say that somebody else publishes an app called "Chess". That app
would be:
(325e56eb-f207-4c36-82d7-da17671baa07, 1).
(NOTE: I use UUIDs here but the app ID wouldn't necessarily have to be a UUID;
just something unique per appstore.)
Cheers,
Brian
_______________________________________________
dev-webapps mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-webapps
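
The (app ID, version) scheme described in the message above, as an added example that is not part of the original post or of the marketplace's own code: a client-side check that lets a signature-verified package replace an installed app only when the ID matches and the version is higher. The field names, `checkUpdate` and `replay` are hypothetical, and refusing equal or lower versions is an assumption; the message only says each release carries a higher version.

```javascript
// Added illustration; id/version/name fields and both functions are hypothetical.
const CHESS = "702e8e70-81a1-4eed-8d81-dc4c84ac2cfd"; // ID from the message
const OTHER = "325e56eb-f207-4c36-82d7-da17671baa07"; // ID from the message

// Decide whether an already signature-verified package may replace the
// installed app. Identity is the (id, version) pair; the display name is
// never consulted, so renames and same-named apps cannot confuse the check.
function checkUpdate(installed, candidate) {
  if (!Number.isInteger(candidate.version) || candidate.version < 1) {
    return { ok: false, reason: "bad-version" };
  }
  if (candidate.id !== installed.id) {
    // A different app the marketplace has also signed: not an update of this one.
    return { ok: false, reason: "id-mismatch" };
  }
  if (candidate.version <= installed.version) {
    // Assumption: older packages (e.g. the pre-blocklist one) are refused.
    return { ok: false, reason: "not-newer" };
  }
  return { ok: true, reason: "accepted" };
}

// Offer packages in order; return the final installed app and each decision.
function replay(initial, offers) {
  let installed = initial;
  const log = [];
  for (const pkg of offers) {
    const verdict = checkUpdate(installed, pkg);
    log.push(`${pkg.name} v${pkg.version}: ${verdict.reason}`);
    if (verdict.ok) installed = pkg;
  }
  return { installed, log };
}

// Constructed offers following the sequence in the message, plus two that
// must be refused.
const result = replay({ id: CHESS, version: 1, name: "Chess" }, [
  { id: CHESS, version: 2, name: "This app is blocklisted" },
  { id: CHESS, version: 1, name: "Chess" }, // replay of the pre-blocklist package
  { id: OTHER, version: 1, name: "Chess" }, // unrelated app with the same name
  { id: CHESS, version: 3, name: "Chess" }, // un-blocklisted release
  { id: CHESS, version: 4, name: "Chess with Imaginary Friends" },
]);
console.log(result.log.join("\n"));
```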