<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div> That's right - same as any sandboxing technique really.</div><div><br></div><div>The difference is that building a sandbox for C++ is very expensive. The Chrome sandbox is a large, complex endeavour. This is partly because you don't have type-level isolation, so everything has to be message passing based.</div><div><br></div><div>Whereas you can sandbox stuff on the JVM more easily because the platform was designed for that from the start, and the memory safe nature simplifies things quite considerably. You can much more easily do method calls and pass objects across the boundary, as long as you are careful.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Aside from that, what's the use case scenario for allowing people to<br>
downgrade? I guess it's to promise people "Upgrade the app, and if you<br>
don't like where I moved your cheese[0] you can go back?" </blockquote><div><br></div><div>Partly that and partly in case you ship a regression or bug that only affects some users.</div><div><br></div><div>From a security perspective, being able to temporarily pin yourself to a particular version means you can choose to wait longer to get more assurances about a new version. Of course if the new version has security fixes, that is a gamble .....</div><div><br></div><div><br></div></div></div></div>