> Maybe the code from the downloaded package has to be run from a local origin 
> like chrome://*.

Doesn't the same issue that Chris raised still exist? You need a unit
of isolation that says "only code signed with this public key runs in
this isolation compartment". Chrome extensions have that model.
Whether we achieve this via origins, COWLs, or origin+key as the
identifier, is a separate question, but Chris' high level bit remains true.


Reply via email to