Labs/Jetpack/JEP/29: Difference between revisions

Jump to navigation Jump to search

Labs/Jetpack/JEP/29 (view source)

Revision as of 18:23, 9 October 2009

319 bytes added ,  9 October 2009
→‎Social Factors: added more
m (→‎Social Factors: typo fix)
(→‎Social Factors: added more)
Line 115: Line 115:
In general, Jetpack manifests aren't intended to be read by non-technical end-users. Rather, they're intended to be read by reasonably technically experienced AMO reviewers and other trusted advisors&mdash;individuals who, for example, know what DNS and filesystems are but not necessarily what an <tt>XPCNativeWrapper</tt> or a security principal is.
In general, Jetpack manifests aren't intended to be read by non-technical end-users. Rather, they're intended to be read by reasonably technically experienced AMO reviewers and other trusted advisors&mdash;individuals who, for example, know what DNS and filesystems are but not necessarily what an <tt>XPCNativeWrapper</tt> or a security principal is.


This audience is expected to compare the manifest with whatever the Jetpack purports to do, as well as take into account any additional social and technical factors, and make a decision about the potential legitimacy of the Jetpack. This decision is then used to advise non-technical users on whether they should trust the Jetpack.
This audience is expected to compare the manifest with whatever the Jetpack purports to do, as well as take into account any additional social and technical factors, and make a decision about the potential legitimacy of the Jetpack. This decision is then used to advise non-technical users on whether they should trust the Jetpack. This means that if a trusted authority has reviewed the Jetpack, they will sign its code, and end-users will be presented with a relatively benign user interface when installing the software.


Without even a cursory review of a Jetpack by trusted human beings, the most the Jetpack Platform can do is present the user with some idea of the ''risk'' involved in installing the Jetpack.  Jetpacks which require high privileges and aren't signed by a trusted authority will thus cause the platform to present the user with a dire warning, and will probably require them to do something fairly cumbersome for installation, e.g. make them type the words "I AGREE TO EXPOSE MY PERSONAL DATA TO THEFT OR DESTRUCTION BY THIS JETPACK".  Jetpacks which require lower privileges, however, will present gradually friendlier user interfaces prior to installation.
However, without even a cursory review of a Jetpack by trusted human beings, the most the Jetpack Platform can do is present the user with some idea of the ''risk'' involved in installing the Jetpack.  Jetpacks which require high privileges and aren't signed by a trusted authority will thus cause the platform to present the user with a dire warning, and will probably require them to do something fairly cumbersome during installation, e.g. make them type the words "I AGREE TO EXPOSE MY PERSONAL DATA TO THEFT OR DESTRUCTION BY THIS JETPACK", or drag an icon of a syringe filled with murky fluid over an icon of a human being with their inner elbow exposed.  Jetpacks which require lower privileges, however, will present gradually friendlier user interfaces prior to installation.


== Sample Code ==
== Sample Code ==
Varmaa
874

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/174601"

Navigation menu