Re: Security use cases for packaging from Yan Zhu on 2015-01-29 (public-webappsec@w3.org from January 2015)

From: Yan Zhu <yzhu@yahoo-inc.com>
Date: Thu, 29 Jan 2015 21:40:42 +0000 (UTC)
To: Chris Palmer <palmer@google.com>
Cc: "public-webapps@w3.org" <public-webapps@w3.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <77001987.1619783.1422567642748.JavaMail.yahoo@mail.yahoo.com>

chris palmer wrote:

> But other code from the same origin might not be signed, which could
> break the security assertion of code signing.


Maybe the code from the downloaded package has to be run from a local origin like chrome://*.

Received on Thursday, 29 January 2015 21:41:37 UTC