[whatwg] whatwg Digest, Vol 82, Issue 10

On Tue, Jan 4, 2011 at 7:07 PM, Seth Brown <learc83 at gmail.com> wrote:
> I couldn't agree more that we should avoid turning this into vista's UAC.
>
> Maybe developers could make changes infrequent enough that users
> wouldn't be bothered very often? They could encapsulate the device
> access logic into one .js file that shouldn't be regularly changed.

Please don't restrict my ability to update my software with an
annoyingly-designed security system.  Whether I believe that rapid
updates or slow, well-tested updates are a better model for my web
app, I shouldn't be forced into one or the other because of a security
model that annoys the user every time I change something.

And: it still doesn't help.  Asking a user whether changes to a
Javascript file are okay is meaningless.  Regular users don't know
Javascript; there's no way they can know whether to accept a change or
not.  No general security model can be built around requiring the user
to understand the technical issues behind the security.

-- 
Glenn Maynard

Received on Tuesday, 4 January 2011 16:15:50 UTC