Closed Bug 368075 Opened 14 years ago Closed 13 years ago

Remove em:updateURL from Lightnings install.rdf and let addons.mozilla.org handle all updates

Categories

(Calendar :: Lightning Only, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: ssitter, Assigned: ssitter)

Details

Attachments

(1 file)

Currently Lightnings install.rdf file contains:
<em:updateURL>http://www.mozilla.org/projects/calendar/lightning/@TARGET_PLATFORM@/update.rdf</em:updateURL>

That means we have to maintain two places for updates: 1) our own update.rdf files on www.mozilla.org and 2) the information at addons.mozilla.org.

I would suggest to entirely remove the line from install.rdf. This makes Thunderbird always check addons.mozilla.org for the latest released version. The benefit would be that we have to maintain only one place for updates: the information at a.m.o.

Filing as UNCONFIRMED because I don't know if we want to give full control about updates.
Lightning trunk builds can't be installed in recent Thunderbird trunk builds because of the Add-on Security Restrictions changes (Bug 378216) that landed on trunk some days ago. The cause is the use of non-secure updateURL in Lightning.

This means we either should enable a secure updateURL for Lightning or 
confirm this bug and remove the updateURL from install.rdf.
Since Lightning is hosted on AMO, what would be the steps to getting us Secure Updates?  It seems like we should just point at an AMO server that does HTTPS.  No work on our part right? ;-)

FWIW, when we released 0.5 I saw this problem and removed the update URL from the install.rdf.

For my part, I would prefer to have updates enabled in Lightning.  I think it makes sense.  I don't think this needs to be fixed for 0.7 (we can just take out the update line for that release too), but I think for 1.0 we want users to have the ability to update the extension securely.
Since 0.5 already doesn't have the updateURL, we are updating against AMO, don't we? So if 0.7 lands on AMO, users could update 0.5->0.7.
First look, I don't see a real need to manage the update.rdf by ourselves, thus we IMO should remove the updateURL from install.rdf, like Stefan has proposed.

needs to be resolved for 0.7 => 0.7+
Flags: blocking-calendar0.7+
Confirming based on Comment #3.
Severity: enhancement → normal
Status: UNCONFIRMED → NEW
Ever confirmed: true
Assignee: nobody → ssitter
Status: NEW → ASSIGNED
Attachment #279954 - Flags: review?(daniel.boelzle)
Comment on attachment 279954 [details] [diff] [review]
rev0 - remove updateURL from install.rdf

r=dbo
Attachment #279954 - Flags: review?(daniel.boelzle) → review+
Checked in on HEAD and MOZILLA_1_8_BRANCH.
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Target Milestone: --- → 0.7
You need to log in before you can comment on or make changes to this bug.