Re: [widgets] Comments on Widget Signature update (was RE: Widget Signature update)

Hi Frederick,

On 3/17/09 1:01 PM, Frederick Hirsch wrote:
> The latest draft includes the revised text from Thomas.
> Marcos, are you suggesting we add something more? It sounds like what
> you are saying here, is that it should be a valid widget file. Isn't
> that part of P&C checking? I'm not sure what it means to check that the
> paths are "as secure as possible."

You might want to check the following section of the P&C [1] and see if 
it is usable in dig sigs. Given that the paths in the <reference> 
elements MUST be zip-relative-paths, the rules for checking the validity 
of those paths may apply to the Widgets Dig Sig spec.


Received on Tuesday, 17 March 2009 12:16:37 UTC