[fpgeek]

All of the developer certificates are ultimately signed by Apple. Outside of the Mac App Store they don't restrict your non-App Store API usage and they don't inspect each release of your application. Nevertheless, if Apple decides Mozilla doesn't get a certificate, that's that - installing Firefox with a warning becomes the best-case scenario (more or less).

[sipefree]

The same goes for if an SSL provider stops providing mozilla.com with a cert.

[glogla]

There are two key differences there: 1) There are many CAs you go to. 2) The CA has no financial interest in rejecting you. Neither goes for Apple.

[CountSessine]

Does Apple really have a financial interest in rejecting Firefox?

I bought several iOS devices understanding that the app market is an exclusive, curated, walled garden, with all of the advantages and shortcomings that that implies.

I'm a long time Mac user too, and an exclusive, curated, walled garden is most certainly not in line with my expectations on that platform. I'm happy to have the option of a curated marketplace, but if it's exclusive, I can tell you that I'm going to stop buying Macs - probably in favour of linux laptops. And I'm sure that I'm not alone.

That hardly seems to be in Apple's interest.

[glogla]

I know.

But Apple already rejected alternate browsers from iOS, they already demonstrated their willingness to abuse their power over iOS market, with dropbox, amazon, the ibooks debacle, and already set up barriers for developers on Mac OS, as if I remember correctly, the Gatekeeper license is supposed to cost serious money.

So I'm not exactly holding my breath, even though I'm writing this from a MacBook.

[CountSessine]

But Apple already rejected alternate browsers from iOS

Have they actually rejected alternative browsers? I know you can't execute mmap() on iOS to do javascript jitting, but have they actually rejected them for some other reason? Opera Mini is available, after all.

they already demonstrated their willingness to abuse their power over iOS market, with dropbox, amazon, the ibooks debacle

Well, I disagree with abuse. Remember that 99% of the programming guidelines that get apps rejected are to prevent egregious abuse of the end-user, like uploading the users whole address book to a server, logging IMEIs, or using trickery, obfuscation, and confusion to upsell iPhone users into cloud storage data plans.

If you're a 'rockstar programmer', and the only thing that matters is you and your fans, then iOS might not be the platform for you.

and already set up barriers for developers on Mac OS, as if I remember correctly, the Gatekeeper license is supposed to cost serious money.

It's $100 for the OSX developer program license, unless this has changed from when I last heard. And you don't need it anyways - just install with a warning. Why shouldn't the user get a warning when they're asking to install a program from an unknown and untrusted source?

So I'm not exactly holding my breath, even though I'm writing this from a MacBook.

I've been using Linux Mint 12 for some work tasks lately, and it's awesome. It's not OSX, but I know now that there's a viable alternative to OSX if Apple really messes things up.

[saurik]

You misunderstood the JavaScript issue: if you built a JavaScript interpreter (which people of course have, and which most of these JITs have as a fallback already) and used that to make a browser, you still would not be allowed in the App Store because you are downloading new code and functionality for execution to execute in a scripting engine that did not come with the iPhone.

[fpgeek]

3) (mostly Mozilla-specific) CAs need Mozilla far more than Mozilla needs CAs. Mozilla can always ensure that at least one major browser trusts their certificate, after all.

[sipefree]

The real point is that in any security architecture, at some point you end up trusting someone.

[ajross]

No one is complaining about signed/certified binaries from a security perspective. It's the process behind the signatures and certification that is at issue.