[new299]

> Yes, it could be hashed, but it isn't and there's no mechanism for this nor plans to build one.

That's kind of a shame. It would be nice if apps distributed over the web could be signed the same way they are from repositories.

> Not to mention that the browser itself presents a pretty large attack surface.

As does the operating system itself. I would have thought with a local (likely native) client, you just have one less layer to get through.

[lukeschlather]

> That's kind of a shame. It would be nice if apps distributed over the web could be signed the same way they are from repositories.

This sounds like a theoretical impossibility. The server's source code is by nature closed, and while the server could provide you a copy of the source with a signature, there's really no way for you to verify that the code you've been promised is the code that is running.

[new299]

A browser feature would be required that could calculate/display the hash of the delivered code and optionally verify it against a 3rd party server. Ideally you'd want have particular versions signed as "audited" etc.

I don't see how it's a theoretical impossibility.

[lukeschlather]

You're neglecting the server-side code. If you have access to the full source code to verify it, you're not describing a web service, you're describing a local application that happens to be implemented in a browser.

You already can distribute signed browser add-ons.