Closed Bug 345500 Opened 14 years ago Closed 14 years ago

Add-on Extension update checking is currently disabled

Categories

(Calendar :: Sunbird Only, defect)

defect
Not set

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: mattwillis, Assigned: mattwillis)

Details

Attachments

(1 file)

We are disabling extension update checking by default.
Now that there are a couple of Sunbird extensions, should we enable this?
Changes the preference in sunbird.js that controls whether we check for updates to extensions or not from false to true.
Attachment #230183 - Flags: first-review?
Attachment #230183 - Flags: first-review? → first-review?(jminta)
Comment on attachment 230183 [details] [diff] [review]
rev0 - changes extension update pref to true

There are a ton of bigger questions that this patch entrains that aren't yet covered in comments this bug.  For instance:
1.) Are we sure extension updating works for Sunbird?
2.) Is AMO set up to handle this?  I'm pretty sure that extension updating works differently for extensions hosted there.
3.) Do we need to start concerning ourselves with blacklisting? (imagine innocuous extension updating to become a malicious one.)
and really
4.) What's our extension story?

I had a chat with shaver about this last week, and the general feeling seemed to be that we can't really push extension development too hard at this point.

If we can get some reasonable answers to at least some of these, I'll feel better about reviewing this patch.
This is a bug shaver would probably find interesting.
(In reply to comment #2)
> 1.) Are we sure extension updating works for Sunbird?
I am not. Since you've got some extensions pre-built for Sunbird, maybe we can play with updating those? ;)

> 2.) Is AMO set up to handle this?  I'm pretty sure that extension updating
> works differently for extensions hosted there.
It does work differently. Since I don't have access to the admin side of a.m.o, I'm not sure if anything else has to happen there for it to support Sunbird. Lucy or shaver would be good people to ask.

> 3.) Do we need to start concerning ourselves with blacklisting? (imagine
> innocuous extension updating to become a malicious one.)
Yes. We picked up all the blacklisting stuff that recently landed in the Add-ons Manager. We currently check for a blocklist. As of my last conversation with rob_strong, we're just waiting for the server side to be set up...and not just for Sunbird.

> 4.) What's our extension story?
That question seems too vague for me to realistically answer. Sunbird is a toolkit app that should be able to gain functionality via extensions. I think Lightning should be able to take advantage of extensions as well, although extension prerequisites would have to be sussed out in the Add-ons manager first.

Whether we should ship our core providers as extensions would be a good question to look at. We might be able to gain a lot in terms of ease of getting fixes out there for a particular provider if the extensions were set to auto-update. It could also make things like adding @YOUR_FAVORITE_CALENDARING_SERVER@ support more straightforward, especially once we add the "hooks" for the core providers.


> I had a chat with shaver about this last week, and the general feeling seemed
> to be that we can't really push extension development too hard at this point.
I'm not saying we should push it, but since there are some Sunbird extensions out there, I think we should use the update functionality, and if that functionality is broken, we should fix it. In addition, this may help us settle the "to ship or not to ship DOMi" situation. If we can easily get DOMi from a.m.o and have it update itself when reasonable, all of this is worth it.
Status: NEW → ASSIGNED
> 3.) Do we need to start concerning ourselves with blacklisting? (imagine
> innocuous extension updating to become a malicious one.)

Blacklisting is not effective against malicious extensions.  Its utility is mostly for cases in which an innocuous extension has an inadvertent security hole.
(In reply to comment #4)
> Whether we should ship our core providers as extensions would be a good
> question to look at. 

I really think we should not do that. The testing matrix becomes way too big. Instead of sunbird0.x, you are using sunbird0.x with ics0.y, storage0.z etc. Too may combinations.
When there are big bugs in core providers, we just need to ship a new version of the app.
Comment on attachment 230183 [details] [diff] [review]
rev0 - changes extension update pref to true

OK, I'm convinced enough that the AMO folks have a reasonable chance of supporting this to let it go in.  If there are any problems between now and release though, I'd probably rather see this backed out rather than chasing those down. r1/r2=jminta
Attachment #230183 - Flags: second-review+
Attachment #230183 - Flags: first-review?(jminta)
Attachment #230183 - Flags: first-review+
Patch checked in on MOZILLA_1_8_BRANCH and trunk.

-> FIXED
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
"Find Updates" is enabled if there is at least one extension - if there is only Talkback installed "Find Updates" button is disabled

I understand that find updates is not supported for themes?

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060901 Calendar/0.3a2+
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.