https://bugs.documentfoundation.org/show_bug.cgi?id=68274
--- Comment #44 from Markus Mohrhard <[email protected]> ---
And to make sure it is not only a rant but also shows some of the things that
any alternative would need to provide:
* cross-platform, at least Windows and Linux, OSX is a plus
* simple signing of the update files
* silent updater for limited user accounts on windows
(https://bugzilla.mozilla.org/show_bug.cgi?id=711475)
* verification of updater, updater service, and update file signature (e.g.
https://bugzilla.mozilla.org/show_bug.cgi?id=709173,
https://bugzilla.mozilla.org/show_bug.cgi?id=704285,
https://bugzilla.mozilla.org/show_bug.cgi?id=708854)
* a way to have the silent update service optional
* version checks for the update files (on the client side, needs to happen in
the updater)(https://bugzilla.mozilla.org/show_bug.cgi?id=708688)
* update service should drop all unnecessary permissions (might execute
untrusted stuff)
* a decent security review (e.g. at least the points raised by the Mozilla
security team need to be handled) (especially the silent update service is a
high risk piece of code)
* handling of staged updates on windows (work around for the nasty file is
still in use problem on windows)
Now most of the stuff is already implemented in our updater branch. I even
managed to get the update service building and have most of the security stuff
adapted to our code. To show that an alternative is better you need to cross at
least these points from the list and show that it is less work to integrate it
correctly than it is to finish the current code.
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
Libreoffice-bugs mailing list
[email protected]
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
