I really like the Kill Switch/EOL idea and having a "type" attribute to specify it, but I'm concerned that the Patch type could be a bit more problematic to get consistently implemented.
On 6 Feb 2011, at 17:15, Marcos Caceres wrote:
> Opera would like to discuss adding the following attribute to the update-info
> element of the widget Updates specification: "type".
>
> Details below...
>
> == The type attribute ==
>
> The type attribute serves to inform the user of the type of update that will
> potentially be performed on a widget. The type ranges from "update", "patch",
> or "eol" (end of life/kill switch). For backwards compatibility, when the
> attribute is missing or in error, the default behavior is to behave as an
> update - like we currently do today (see Update below).
>
> <update-info xmlns="http://www.w3.org/ns/widgets"
>   type="update|patch|eol"/>
>
>
> === Update ==
> An update is a completely new version of the widget, where all the files of
> the widget are replaced with the files contained in update. Effectively, an
> update causes all the files in an installed widget to be deleted, and a new
> widget to be installed in its place. Only the widget's id and Storage data
> remain from one version to the next. This is the current and default behavior.
>
> Requirement: when the type attribute is missing, the user agent assumes this
> is an "update". Updates are always applied when the mime type of an update is
> application/widget.
>
> Example:
> <update-info xmlns = "http://www.w3.org/ns/widgets"
>   src = "https://w.example.com/2.1/RC/app.wgt"
>   version = "2.0"
>   type="update">
>   <details>
>     Totally awesome new version!
>   </details>
> </update-info>
>
> == Patch ==
> A "patch" is a partial update to only some files in a widget. Consider the
> use case below.
>
> Patch Use Case: I have a cookbook extension that contains a bunch of videos,
> audio, and graphics inside the widget (~500Mb). I've updated the javascript,
> in only one file (say ~5kb worth of changes) and added/updated localized
> content. As a developer, I only want to patch the affected file without
> having to send the whole widget package as an "update". A patch would only
> add or replace files already contained in the widget package.
>
> Requirements:
> 1. Must work with the digital signing scheme for widgets. If the update is
> patching a digitally signed widget, then the patch must contain a new
> signature over every file in the widget that is equivalent to the widget
> having been updated.
>
> Question: Do we need a new mime type for this? (e.g.,
> application/widget-patch).
>
> Example:
> <update-info xmlns = "http://www.w3.org/ns/widgets"
>   src = "https://w.example.com/2.1/RC/app.wgt"
>   version = "2.1"
>   type="patch">
>   <details>Fixed bugs and localized some content</details>
> </update-info>
>
>
> === End of Life - Kill Switch ===
> The "eol" (end of life) update allows developers to indicate that they are no
> longer maintaining a widget or provides a means for developers and web site
> owners to warn users of malicious widgets (or widgets that may have some
> other issue). In any case, it serves as a kind of "kill switch".
>
> Use case - end of life: As a developer, I create widget X for user Y that
> allows them to access temporary service Z. Service Z is only around for 24
> hours and widget X is useless without service Z. When widget X updates itself
> after 24 hours, I send an "eof" update informing that user that the widget's
> usefulness has run out. The user can then uninstall the widget.
>
> Use case - kill switch: As someone that runs a catalog, I discover that
> widget X is malware. Because widget X is served from my catalog and gets its
> updates from my repo, I can mark the next update to be "eol". I also include
> a description for the author informing them about what issues were found.
>
> Example:
> <update-info xmlns = "http://www.w3.org/ns/widgets"
>   version = "2.0"
>   type="eol">
>   <details>
>     A serious security issue was found in this widget.
>     It is highly recommended you uninstall it.
>   </details>
> </update-info>
>
>
> --
> Marcos Caceres
> Opera Software
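
Requirement 1 of the Patch proposal, as an added sketch that is not part of the original e-mail or of the Widget Updates specification: after a patch adds or replaces files, the new signature has to account for every file in the resulting widget, not only the patched ones. The digest map is an assumed stand-in for the per-file references of a widget signature (validating the signature itself is out of scope), the function names are hypothetical, and all file contents are constructed.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def apply_patch(installed: dict, patch: dict) -> dict:
    """A patch only adds or replaces files; it never deletes any."""
    merged = dict(installed)
    merged.update(patch)
    return merged

def check_patched_widget(installed: dict, patch: dict, signed: dict) -> list:
    """Compare the patched file set with the digests the new signature covers.

    `signed` maps path -> SHA-256 hex digest and is an assumed stand-in for
    the signature's per-file references. An empty result means the signature
    is equivalent to one over a fully updated widget.
    """
    merged = apply_patch(installed, patch)
    problems = []
    for path in sorted(merged):
        if path not in signed:
            problems.append(f"unsigned file: {path}")
        elif sha256_hex(merged[path]) != signed[path]:
            problems.append(f"digest mismatch: {path}")
    for path in sorted(set(signed) - set(merged)):
        problems.append(f"signed but missing: {path}")
    return problems

# Constructed sample data (not taken from any real widget).
INSTALLED = {"config.xml": b"<widget/>", "js/app.js": b"old()",
             "video/intro.mp4": b"\x00" * 16}
PATCH = {"js/app.js": b"fixed()", "locales/fr/index.html": b"<p>Bonjour</p>"}

MERGED = apply_patch(INSTALLED, PATCH)
FULL = {p: sha256_hex(d) for p, d in MERGED.items()}    # covers every file
PARTIAL = {p: sha256_hex(d) for p, d in PATCH.items()}  # covers the patch only
STALE = {**FULL, "js/app.js": sha256_hex(b"old()")}     # pre-patch digest kept

if __name__ == "__main__":
    for name, sig in (("full", FULL), ("partial", PARTIAL), ("stale", STALE)):
        print(name, check_patched_widget(INSTALLED, PATCH, sig) or "ok")
```

A signature that covers only the files shipped in the patch leaves the untouched files unsigned, which is the case the requirement rules out.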
