Confirm
717
edits
Changes
→Format for trusted and certified apps
1) Extend appcache manifest to include hashes, and the app store would sign the whole thing (add magic crypto dust here). This would allow app assets to still live on website, but have many of the benefits of code signing. This has issues with defining a clear application scope (i.e. need a separate app domain from the origin domain)
2) Use existing code/widget package format. We get the benefit of a well-tested format, and the developer doesn't have to pay for domain registration, hosting, SSL certs, etc. We also get a well-defined domain for each app (ex. jar://myapp). See [[Apps/Security/Distribution]] for ideas.
3) We should not invent Yet Another Installer Package
