Notifying users of changes to your #PWA is hard. We’re thinking about ways to make it easier by enabling you to include a version number and point to an HTML change log, RSS/Atom feed, or similar from within your web app manifest. Feedback appreciated!https://github.com/MicrosoftEdge/MSEdgeExplainers/blob/master/VersionHistory/explainer.md …
-
-
Replying to @AaronGustafson @slightlylate
Would be an interesting starting point for building binary transparency for PWAs if you require SRI on all resources and put a merkle tree root in the version metadata.
1 reply 0 retweets 0 likes -
-
Replying to @AaronGustafson @slightlylate
The general idea is to provide mechanisms such that PWAs can have the same degree of cryptographic attestation as a signed native binary package (such as an MSI). Right now it's arguably the only place where native apps can provide a stronger security guarantee than PWAs.
1 reply 0 retweets 2 likes -
Eric Lawrence 🎻 Retweeted Eric Lawrence 🎻
It'd be nice if we even had a "Don't cache if Content-Hash is invalid" header to mitigate /accidental/ screwups.https://twitter.com/ericlaw/status/1235992272262639616 …
Eric Lawrence 🎻 added,
1 reply 1 retweet 2 likes
This (signing etc) is what I want web packaging to solve
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
& Web Standards TL; Blink API OWNER
Named PWAs w/
DMs open. Tweets my own; press@google.com for official comms.
