> Ben Francis: > Are we happy with a packaged model for trusted apps going forward, or is > now the time to embrace the challenge of making trusted apps genuinely part > of the web?
Packaged are IMHO the best part of FireFox OS so far, being simple and solving the problem effectively. appcache is complicated and unreliable by design: when you need the cache, it won't just be to save on download rates or response time, it'll be because the network could be unreachable, and you need every resource predictably available, including those that you need to report the error to the user * updating a single coherent zip in the background is preferable to piecemeal update when resources are accessed, and also more reliable. Strictly speaking, you don't have to support multiple versions of the app, you can just block when the package isn't up to date (just like a non-packaged website version would block, stall or require the user to refresh) * package review and centralized revocation might be preferable to trusting the host url "blindly", no matter how many levels of automated security are involved. This is in part why the app model has been successful: people don't trust an url (they can't, not without a significant technical baggage, and even then...), you trust a marketplace and its review protocols, you trust a company name, and you trust the marketplace to have verified and certified that name. > Benjamin Smedberg : > To solve the problems mentioned by TimBL, we should just make sure that > servers can serve up a packaged app at a URL I would argue that the web should be going the way of packaged apps, and standardize that. After all, a lot of the recent communication protocols are just dancing around the concept of downloading everything at once in consolidated form (SPDY, I'm looking at you), and then keeping a cache of it. Maybe it's time for a return to KISS principles? All in all, the piecemeal loading of resources that is the hallmark of the web-based URL approach serves only two purposes: being able to start an app without having all the resources (but at the cost of a greater latency, and the risk of future failure should a resource be suddenly inaccessible), and aggregating content and code from multiple hosts and origins (but is that really desirable these days?). App offline and start behaviors are still key, and anything that requires online access to downloading code or resource (vs just the useful dynamic data) is still going to be problematic for many years. A mobile device is connected most of the time, but may not be when the user needs it, so background connection time should be leveraged to keep everything updated so it's ready when needed, and the packaged app model answers that, while the web model fails. Eric _______________________________________________ dev-webapps mailing list [email protected] https://lists.mozilla.org/listinfo/dev-webapps
