Marcos
Thanks for taking the time to propose a revision to Widget Signature
based on your experience working on the test cases. This looks like a
very good improvement in readability and clarity of conformance
requirements.
From a technical point of view it looks to be fundamentally the same
to me, with a couple of changes noted here, though I may have missed
something in the large number of changes. Here are a few questions:
1. You removed requirement that signature be at root of widget
package? This seems an important requirement here for knowing which
signatures are valid (even if in packaging and config)
2. The following signature validation rule in section 6 seems
incorrect since it does not account for author signatures:
"A validator MUST ignore any file entry whose file name does not
conform to the naming convention for a distributor signature."
Change to:
"A validator MUST ignore any file entry whose file name does not
conform to the naming convention for an author or distributor
signature."
3. The abstract was revised to generalize beyond widgets, which I
don't understand given that the entire specification is widget
specific. What did you have in mind.
allow a packaged Web application such as widgets
4. Typo section 8, in note: Signign
Regarding process, some of the changes and deletions remove material
that was added through decision of the WG earlier - although to me it
appears to be an improvement. So we need WG to agree to accept
changes. Given that the conformance targets have been redefined, that
normative language has been removed or changed, is another full Last
Call (3 weeks) be required? Maybe, but I'm not sure since apart from
the questions above it looks like the same net effect on
implementations.
Thanks
regards, Frederick
Frederick Hirsch
Nokia
