Automatic Script Updater

Peter Zhou peterzhoulei at gmail.com
Mon Nov 2 12:43:51 CET 2009


On Mon, Nov 2, 2009 at 5:33 PM, Jakob Kummerow <
jakob.kummerow at googlemail.com> wrote:

> > Seems I missed this important thread. Sorry for missing Jakob's hard
> > work! I agree that we can use the auto updater for the built-in
> > script. But why do we need public/private key validation when we are
> > using our own centralized server?
>
> We need signatures to prevent the injection of malicious scripts into
> Amarok by means of taking over our server, or performing a
> man-in-the-middle attack, or whatever. The signature makes sure that
> wherever an update comes from (compromised server, untrusted network,
> local cache/proxy, ...), if it has been tampered with since it was
> signed by one of our devs, it will get rejected.
>

I agree with this.

>
> > For the 3rd party script, I still insist that we should use
> > kde-apps.org since the big change would be very expensive. We should
> > definitely make GNS support versioning and updating.
>
> The current implementation allows us to deploy updates for any script
> that we like, including 3rd-party (since code-wise there's no
> distinction between the two). Of course, this does not in any way
> prevent us from implementing an additional, independent updating
> system for 3rd-party scripts.
>
> The main difference I see is this:
> Our own scripts are part of Amarok's core functionality, which we want
> to make sure is available to our users at all times. If one of our
> scripts that uses an external website breaks because that website
> changes, I like having the ability to fix it instantly without
> releasing a new Amarok version. An automatic updater that simply works
> in the background without user interaction achieves just that.
> For 3rd-party scripts, the situation is different: We don't create
> those scripts, we don't care so much about what they are doing, we
> don't fix them if they break, so deploying updates for /them/ isn't
> quite as urgently interesting for us. Updating them (semi-)
> automatically would just be a convenience feature for users, who so
> far have to search for updates manually if they want any.
>
> Since we can't control their contents/behaviour, I'm also not sure
> whether it would be a good idea to update 3rd-party scripts
> automatically (think about injecting malicious code again), which
> leads me to the following two-fold long-term proposal:
> - An automatic updater (more or less exactly as it is implemented
> now), using our own server, and our own signatures, to be used for our
> own scripts, and, in case we wish to do so, select 3rd-party scripts.
> - An information message for the user about available updates for
> 3rd-party scripts located on 3rd-party servers (such as kde-apps.org),
> that either says "Please use the Script Manager dialog to perform the
> updates" or "Click 'yes' to apply the updates now" or something to
> that effect.
>

I never doubt the demand for the auto script updater or at least a version
checker. But I would really prefer a simple way to do it instead of adding
new dependencies and tons of new code.
What I was thinking about is an update of GNS, making it
support signatures and versioning. And using GNS doesn't mean we have to
use kde-apps.org. We can have our own centralized script release platform by
using GNS.

I would prefer adding the patch (the updater) to GNS instead of applying it
directly to Amarok. We can then auto update our built-in script by our own
server, and auto update 3rd party scripts by kde-apps.org or whatever.

> A case where I imagine we might want to deploy an update for a
> 3rd-party script on our server would be if we release a new version of
> Amarok that changes something internally, which leads to the old
> version of a 3rd-party script crashing consistently, and we get sick
> of telling hundreds of people on IRC to manually apply the update.
>

What concerns me is not where we put the upgrades, but the way we put them.
Making new changes will more or less upset the script developers.

I will have a deeper look at the code committed and try to figure out the
possibility of applying the code to GNS (or even making our own copy of GNS
for now).


Thanks again for the great efforts made.


-- 
Best Regards,
Peter Zhou
-------------------------------
http://www.peterzl.net/
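
The rejection behaviour described in the quoted reply above (an update is refused if it was altered after a developer signed it, whichever server, network or cache delivered it), shown as an added example that is not part of the original message or of Amarok's code. It assumes Ed25519 detached signatures over the script name, version and archive hash; the `Update` layout and all names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Update is a downloaded script archive plus detached signature (hypothetical layout).
type Update struct {
	Script  string
	Version uint32
	Archive []byte
	Sig     []byte
}

var ErrBadSignature = errors.New("update rejected: not signed by a trusted developer key")

// signedMessage binds script name, version and archive digest together.
func signedMessage(u Update) []byte {
	return []byte(fmt.Sprintf("%q\n%d\n%x", u.Script, u.Version, sha256.Sum256(u.Archive)))
}

// Sign runs on a developer machine; the private key is never stored on the update server.
func Sign(priv ed25519.PrivateKey, u Update) []byte { return ed25519.Sign(priv, signedMessage(u)) }

// Verify runs in the client against the public keys shipped with the application.
func Verify(trusted []ed25519.PublicKey, u Update) error {
	for _, pub := range trusted {
		if ed25519.Verify(pub, signedMessage(u), u.Sig) {
			return nil
		}
	}
	return ErrBadSignature
}

// Demo checks a genuine update, one altered in transit, and one re-signed with an untrusted key.
func Demo() (genuine, altered, resigned error) {
	devPub, devPriv, _ := ed25519.GenerateKey(nil)
	_, otherPriv, _ := ed25519.GenerateKey(nil) // key not shipped with the client
	trusted := []ed25519.PublicKey{devPub}
	u := Update{Script: "lyrics", Version: 2, Archive: []byte("constructed sample archive")}
	u.Sig = Sign(devPriv, u)
	mitm := u
	mitm.Archive = []byte("constructed sample archive, modified")
	swapped := mitm
	swapped.Sig = Sign(otherPriv, swapped)
	return Verify(trusted, u), Verify(trusted, mitm), Verify(trusted, swapped)
}
func main() { fmt.Println(Demo()) }
```

Because the client trusts only the public keys it shipped with, whoever controls the download server or the network path can replace the archive but cannot produce a signature the client accepts.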