Yes, this could work.
Would the app ID and version be a part of the "mini-manifest"? Or would
it be part of the app manifest that is contained within the package?
I'm assuming inside the package since you've said, "given two JAR files,
and no other information".
Thanks,
Rob
Brian Smith wrote:
Rob Hudson wrote:
Brian Smith wrote:
#2 is important so that nobody can trick the web server into asking
the user to replace one app with another (unrelated) app that the
marketplace has signed.
The way the "v1" blocklisting was spec'd, this is required to
blocklist apps.
Let's say the app is "Chess" and that the marketplace generates a UUID for the
app of 702e8e70-81a1-4eed-8d81-dc4c84ac2cfd. Then, the first version of the app released
in the marketplace would be:
(702e8e70-81a1-4eed-8d81-dc4c84ac2cfd, 1)
Then, let's say we blocklist "Chess." Then we'd update the mini-manifest to point to a
new version of the app package that contains the contents of the "this app is
blocklisted" app, using the same UUID and a higher version:
(702e8e70-81a1-4eed-8d81-dc4c84ac2cfd, 2).
Then, let's say "Chess" is updated and we un-blacklist it. Then, the new
mini-manifest would point to the new version of the app package that would have the same
UUID and a higher version number:
(702e8e70-81a1-4eed-8d81-dc4c84ac2cfd, 3).
Now, let's say that the maker of "chess" renames it to "Chess with Imaginary Friends".
Then, the renamed app "Chess with Imaginary Friends" would be:
(702e8e70-81a1-4eed-8d81-dc4c84ac2cfd, 4).
Now, let's say that somebody else publishes an app called "Chess". That app
would be:
{325e56eb-f207-4c36-82d7-da17671baa07, 1}.
(NOTE: I use UUIDs here but the app ID wouldn't necessarily have to be a UUID;
just something unique per appstore.)
Cheers,
Brian
_______________________________________________
dev-webapps mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-webapps
