On Tue, Feb 11, 2014 at 11:55 PM, Brian Smith <[email protected]> wrote: > > 3. Unlike before, if the path component of the URL of the page from > which you are installing the app starts with "/reviewers/", then we > would automatically verify the app signature using the reviewer root > instead of the production root.
This doesn't seem good. If we automatically and transparently switch to using the review certificate for review-only apps, then what do we accomplish by using a separate review certificate? Another thing to keep in mind is that a third party store could call installPackaged(url) and use a url located on the mozilla store. We definitely don't want it to be possible for an attacker to create an evil app, upload it to the store, have it automatically signed and then use their own website to get random unknowing users to install these after a normal install prompt. There needs to be some very explicit way for users to enable "installing experimental apps". Ideally this would involve more than just a checkbox in the settings app, but that would be ok too. / Jonas _______________________________________________ dev-webapps mailing list [email protected] https://lists.mozilla.org/listinfo/dev-webapps
