RFC-133: Evolving the Marketplace Trust Program (follow up to RFC-124) - Trust program requirement updates and validation steps

As I already mentioned, this rule can easily be circumvented. I understand the desire to prevent unrestricted network access and I don’t have a better idea to contribute. But maybe the rule should be dropped if it’s not possible to enforce anyway. Some apps also use wildcard egress to allow the usage of popups, which would become blocked with this rule, which might not be the intention of this rule.

To be clear, we wouldn’t be impacted by this rule, but I don’t think it fulfills the goal of having actual verification: