- From: Drew Wilson <atwilson@google.com>
- Date: Thu, 26 Mar 2009 14:16:27 -0700
On Thu, Mar 26, 2009 at 1:19 PM, Alexey Proskuryakov <ap at webkit.org> wrote: > > But I was looking at this in terms of a model for users, not any specific > security threats - if we think of persistent workers as an equivalent of > native applications that need installation, then we should consider that > native applications don't usually update themselves without user consent. > It seems like a common model is for offline-enabled applications to store their javascript in the ApplicationCache, and encourage users to create desktop links to access those apps even when offline. Should these applications (which for all intents are "installed") also prompt users before updating? Are you suggesting that user agents may want to require explicit user permission when any application invokes ApplicationCache.update()? That might be a reasonable approach if a given user agent wants to enforce some kind of "no silent update" policy... -atw -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20090326/d721a586/attachment.htm>
Received on Thursday, 26 March 2009 14:16:27 UTC