On 31 January 2015 at 11:25, <[email protected]> wrote: > I think for issues that require certification, the key thing is allowing > them to be updated separately or in a more controlled way. I am thinking in > apps or parts of the system that affect regulated features (e.g. Dialer and > Emergency Calls, Notification System and Cell Broadcast...) or features > that if broken might lead to network/user issues with the carrier > (Connectivity and SMS...). For these parts of the system, I think being > hosted/packaged is not important if we provide: > > - A way to ensure the regulatory requirements are fulfiled in every > situation (e.g. Emergency Call can be done even when no data connection is > available) > - Provide a way to test/verify the changes by carrier/OEM/regulator > before making them available to end-users. >
Interesting. > > What I see as the more difficult part to achieve a fully hosted device is > that many of the APIs are currently certified APIs, and I am not sure how > far are we from having a Security Framework that allow hosted content > access this kind of APIs (e.g. Telephony or Messaging APIs). > I think you're right, the security model is the big missing piece. I also think part of this is designing new APIs which *are* safe to expose to the web, which can be hard. We do actually now have an API which can safely expose telephony and messaging type features to the web, it's WebRTC. It's directly exposing telephony APIs for the legacy PSTN phone system and all the regulatory hurdles that come with that which has proved challenging. Beyond that, I think everything else could be updated separately and > without any strict certification/IOT testing (e.g. Gallery, Music Player, > E-mail, Calendar...). > > We are working in a detailed analysis about which features could be in > each of these two buckets from our point of view and based on the testing > that is currently done. We'll share it publicly as soon as it's ready. > That would be interesting to see. On 31 January 2015 at 11:32, <[email protected]> wrote: > This is a good challenge: make the flow Ben described before as simple as > zipping a file for a developer. We are already working in something > similar, I hope we can share it soon. > Agree, I think good developer tools could be an important part of the solution. _______________________________________________ dev-webapps mailing list [email protected] https://lists.mozilla.org/listinfo/dev-webapps
