Automatic Script Updater

Sven Krohlas sven at asbest-online.de
Thu Oct 8 11:32:15 CEST 2009


Heya,

> I just had a talk with Will Stephenson and he raised the point that we
> should instead release the scripts separately and have distros package
> them as a separate package for easy updating. This way we would not
> need to take care of security ourselves and have a known distribution
> path.

For scripts shipped with Amarok this sounds like the best way.
Thinking about it, Jakob's scheme has the problem that old, vulnerable
script files are still available system wide; they are just not being
used as the ones installed by the user are being preferred. But the
clean solution would be to fix the ones the system provides for all
users at once.

For Windows and Mac, as Mark pointed out, the situation is different.
Here we do not only have the problem of upgrading scripts; here the whole
Amarok installation will become outdated. So we need a way to tell the
user to upgrade Amarok as a whole. A part of this upgrade can be fixed
(first party) scripts.

Anyway, the proposed scheme sounds really good to me to upgrade third
party scripts. Currently Internet browsers have this problem, too: they
need to help users upgrade their plugins (esp. Flash and Java), as those
third party plugins are nowadays primary targets for attackers.
For that case maybe scripts could ship a public key (that itself could
be signed by us) so script authors could use their own key to sign updates.

I really think we should have a look at how Firefox does it. Their system
provides users with fast upgrades to the latest versions and also recommends
updated extensions. We don't have to reinvent the wheel. :)

As I see it we have two upgrade mechanisms there:
1.) one for the application itself and
2.) one for (third party) extensions.

1.) should be done with package management, if available. If not: we need to
    do it ourselves.
2.) is stuff that should work the same way on all platforms using Jakob's
    implementation.
--
Darkerradio Free Music Charts:
http://www.darkerradio.com/news/free-music-charts-september-2009/
Klarmachen zum Ändern! -> http://www.piratenpartei.de/
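
The key scheme suggested in the message above (a script ships its author's public key, that key is signed by the project, and the author signs each update) can be sketched as follows. This is an added example, not part of the original post and not Amarok's or Jakob's code: all function names are hypothetical, Node.js's built-in crypto module with Ed25519 stands in for whatever library an updater would use, and the integer version with its "must be newer" check is an assumption added so that a validly signed old release cannot be replayed.

```javascript
const crypto = require('node:crypto');

// Constructed keys: "project" stands for the Amarok team, "author" for a script author.
const project = crypto.generateKeyPairSync('ed25519');
const author = crypto.generateKeyPairSync('ed25519');
const exportKey = (k) => k.export({ type: 'spki', format: 'der' });

// Done once by the project: endorse the author's public key.
// The script package then ships both the key and the endorsement.
function endorseAuthorKey(projectPrivateKey, authorPublicKey) {
  const authorKeyDer = exportKey(authorPublicKey);
  return { authorKeyDer, endorsement: crypto.sign(null, authorKeyDer, projectPrivateKey) };
}

// The signed payload binds script name, version and content hash together,
// so a signature cannot be moved to another script or another version.
function updatePayload(name, version, body) {
  const sha256 = crypto.createHash('sha256').update(body).digest('hex');
  return Buffer.from(JSON.stringify({ name, version, sha256 }));
}

// Done by the author for every release.
function signUpdate(authorPrivateKey, name, version, body) {
  return crypto.sign(null, updatePayload(name, version, body), authorPrivateKey);
}

// Done by the updater before installing: returns 'ok' or the rejection reason.
function verifyUpdate(projectPublicKey, shipped, installedVersion, update) {
  // 1. Is the shipped author key really endorsed by the project?
  if (!crypto.verify(null, shipped.authorKeyDer, projectPublicKey, shipped.endorsement)) {
    return 'author key not endorsed by project';
  }
  // 2. Was this exact name/version/content signed by that author key?
  const authorKey = crypto.createPublicKey({ key: shipped.authorKeyDer, format: 'der', type: 'spki' });
  const payload = updatePayload(update.name, update.version, update.body);
  if (!crypto.verify(null, payload, authorKey, update.signature)) {
    return 'bad update signature';
  }
  // 3. Refuse to reinstall an older, possibly vulnerable release.
  if (update.version <= installedVersion) {
    return 'not newer than installed version';
  }
  return 'ok';
}
```
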