Automatic Script Updater

Jakob Kummerow jakob.kummerow at googlemail.com
Mon Nov 2 10:33:48 CET 2009


> Seems I missed this important thread. Sorry for missing Jakob's hard
> work! I agree that we can use the auto updater for the built-in
> script. But why we need a public/private key validation when we are
> using our own centralized server.

We need signatures to prevent the injection of malicious scripts into
Amarok by means of taking over our server, or performing a
man-in-the-middle attack, or whatever. The signature makes sure that
wherever an update comes from (compromised server, untrusted network,
local cache/proxy, ...), if it has been tampered with since it was
signed by one of our devs, it will get rejected.

> For the 3rd party script, I still insist that we should use
> kde-app.org since the big change would be very expensive. We should
> definetly make gns to support versioning and updating.

The current implementation allows us to deploy updates for any script
that we like, including 3rd-party (since code-wise there's no
distinction between the two). Of course, this does not in any way
prevent us from implementing an additional, independent updating
system for 3rd-party scripts.

The main difference I see is this:
Our own scripts are part of Amarok's core functionality, which we want
to make sure is available to our users at all times. If one of our
scripts that uses an external website breaks because that website
changes, I like having the ability to fix it instantly without
releasing a new Amarok version. An automatic updater that simply works
in the background without user interaction achieves just that.
For 3rd-party scripts, the situation is different: We don't create
those scripts, we don't care so much about what they are doing, we
don't fix them if they break, so deploying updates for /them/ isn't
quite as urgently interesting for us. Updating them (semi-)
automatically would just be a convenience feature for users, who so
far have to search for updates manually if they want any.

Since we can't control their contents/behaviour, I'm also not sure
whether it would be a good idea to update 3rd-party scripts
automatically (think about injecting malicious code again), which
leads me to the following two-fold long-term proposal:
- An automatic updater (more or less exactly as it is implemented
now), using our own server, and our own signatures, to be used for our
own scripts, and, in case we wish to do so, select 3rd-party scripts.
- An information message for the user about available updates for
3rd-party scripts located on 3rd-party servers (such as kde-apps.org),
that either says "Please use the Script Manager dialog to perform the
updates" or "Click 'yes' to apply the updates now" or something to
that effect.

A case where I imagine we might want to deploy an update for a
3rd-party script on our server would be if we release a new version of
Amarok that changes something internally, which leads to the old
version of a 3rd-party script crashing consistently, and we get sick
of telling hundreds of people on IRC to manually apply the update.

Regards,
Jakob


More information about the Amarok-devel mailing list