Michael Davidson wrote:
I didn't realize this. So you think that everything on
addons.mozilla.org is vetted enough to not include malware?
We try... Note that given the extension model you don't have to put a
binary blob in the extension either, since extensions can make HTTP
requests and write to files.
Do you think the existing FF install dialog gives enough warning that an
extension could outlive the browser process?
The dialog says "Install add-ons only from authors whom you trust.
Malicious software can damage your computer or violate your privacy".
I'm not a human-computer interaction expert, so I can't tell you how
scary that is to the typical consumer. Probably no more so than any
other dialog he sees. :(
Really, it sounds like you want something more akin to a Prism app [1] than
anything else. You don't _actually_ want to run gmail in a browser window.
You just want to deliver it over http:// and leverage a browser-like thing
on the other end for rendering it, right?
We'd like to not have to maintain two Gmail codebases, one for
installed usage and one for everyone else. Ideally the same code can
be used in an internet cafe and on the machine of someone who agrees
to install Gmail as an app. Prism might be similar to what we'd like.
Right; the whole point of Prism is that it needs no changes to the web
app, last I checked, while at the same time allowing it to have its own
process, window (possibly without the url bar and such, which makes a
lot less sense for a window dedicated to a particular web app), and
lifetime independent of the browser.
-Boris
