- From: Marcos Cáceres <notifications@github.com>
- Date: Wed, 02 Feb 2022 17:18:17 -0800
- To: w3c/manifest <manifest@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/manifest/pull/1011/c1028512928@github.com>
From our call today: For the purpose of updating, the following member are <dfn>security-sensitive members</dfn>, as they are presented during installation and on launch surfaces: * [=manifest/name=], * [=manifest/short_name=], * [=manifest/icons=] User agents SHOULD NOT automatically apply changes to [=security-sensitive members=] without [=express permission=] from the user. Instead, user agents SHOULD present changes to [=security-sensitive members=] with appropriate management options, so the user can make an informed decision about updating the web application. The user agent MAY automatically apply the changes if the update does not contain changes to [=security-sensitive members=]. Aside: A user agent won't not apply a partial update. For example, the user agent could present options to the user: Accept the update uninstall the web app, or report the website as abusive. The user agent could present Appropriate user agent options for the user , for example, Appropriate user agent actions could be, for example, to present the change to the user and provide the user with a means to uninstall the application or even report the website as abusive. -- Reply to this email directly or view it on GitHub: https://github.com/w3c/manifest/pull/1011#issuecomment-1028512928 You are receiving this because you are subscribed to this thread. Message ID: <w3c/manifest/pull/1011/c1028512928@github.com>
Received on Thursday, 3 February 2022 01:18:30 UTC