[whatwg] Installed Apps

[Boris Zbarsky]

Michael Davidson wrote:
> I didn't realize this. So you think that everything on
> addons.mozilla.org is vetted enough to not include malware?

We try...  Note that given the extension model you don't have to put a 
binary blob in the extension either, since extensions can make HTTP 
requests and write to files.

> Do you think the existing FF install dialog gives enough warning that an
> extension could outlive the browser process?

The dialog says "Install add-ons only from authors whom you trust. 
Malicious software can damage your computer or violate your privacy".

I'm not a human-computer interaction expert, so I can't tell you how 
scary that is to the typical consumer.  Probably no more so than any 
other dialog he sees.  :(

>> Really, it sounds like you want something more akin to a Prism app [1] than
>> anything else.  You don't _actually_ want to run gmail in a browser window.
>>  You just want to deliver it over http:// and leverage a browser-like thing
>> on the other end for rendering it, right?
> 
> We'd like to not have to maintain two Gmail codebases, one for
> installed usage and one for everyone else. Ideally the same code can
> be used in an internet cafe and on the machine of someone who agrees
> to install Gmail as an app. Prism might be similar to what we'd like.

Right; the whole point of Prism is that it needs no changes to the web 
app, last I checked, while at the same time allowing it to have its own 
process, window (possibly without the url bar and such, which makes a 
lot less sense for a window dedicated to a particular web app), and 
lifetime independent of the browser.

-Boris