That was the point of what I said in the previous message. The default security level wouldn't prompt users every time a script changes. But for users who are interested and do understand what's going on--they have the option of checking to see if a script has changed and can do some more verification.
On Tue, Jan 4, 2011 at 7:15 PM, Glenn Maynard <gl...@zewt.org> wrote: > And: it still doesn't help. Asking a user whether changes to a > Javascript file are okay is meaningless. Regular users don't know > Javascript; there's no way they can know whether to accept a change or > not. No general security model can be built around requiring the user > to understand the technical issues behind the security.