On Fri, Jan 30, 2015 at 6:48 AM, Benjamin Francis <[email protected]> wrote: > There have been several proposals of how to provide privileged hosted apps, > including work around hosted packages [3] and discussions around a security > model.
Link [3] (bug 1036275) seems mostly about how to reference resources inside a zip file. It also seems to imply that the packaged app could be hosted anywhere, not via a marketplace? I would be interested to know how validation of the privileged app is done (this thing I agreed to access these APIs is still the same vetted thing). If there is some sort of signature checking going on, it would be great to see that extended to certified apps, where we allow certain signed apps access to the certified APIs. This sort of model would allow gaia apps to go hosted. They also likely need a way to make sure they can provide certain app bundles for certain gecko versions. Without those things, it is hard to see the gaia apps going to this model. We will continue to get new APIs that we will be expected to use behind a certified flag. The latest is the navigator.sync API. That API is a great one to have for battery concerns, but needs service workers to be fully realized, is still new, so it is a certified API. For users getting 2.2 though, ideally our apps would use the API in the effort to extend battery life. I would like to see gaia apps go to a hosted model (even just marketplace hosting), since it gives us a dogfood way to test how we expect other apps to be made. _______________________________________________ dev-webapps mailing list [email protected] https://lists.mozilla.org/listinfo/dev-webapps
