Closed
Bug 375359
Opened 17 years ago
Closed 17 years ago
Allow sandbox add-ons to get updates
Categories
(addons.mozilla.org Graveyard :: Administration, defect)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: clouserw, Unassigned)
References
Details
We discussed this in IRC a bit tonight, and decided to file a bug about it to at least get the discussion in one place. Currently, when an add-on in the sandbox looks for an update, it's returned a blank rdf indicating no update is available. I think sandbox add-ons should be able to update themselves. If an add-on is not public, it can still have a following, and those people should be able to get updates. The worry here is, the sandbox is basically an unchecked arena, and a safe add-on one day could become a malicious one the next (through an automatic update). Despite being a real concern, I don't think it warrants shutting off updates for these add-ons all together. I'm, of course, open to hearing scenarios that I haven't thought of that makes this policy appropriate. :)
Comment 1•17 years ago
|
||
If we were to make an admin interface for the blocklist, I'd be more comfortable with this.
If I have a public add-on installed, and there's an update for it in the sandbox, should I get offered that update? I think that this is a manifestation of the issue that the sandbox is two things: - replacement for the review queue - place for not-prime-time add-ons that would have survived the review process in v2 (not dangerous or malicious, just not polished or extremely niche) The first set of add-ons I don't think should get updates. The second set probably should.
Updated•17 years ago
|
Component: Add-ons → Administration
QA Contact: add-ons → administration
Right now, I think this is WONTFIX. It basically amounts to unchecked installation of software on users' computers, since the sandbox is not screened at all.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → WONTFIX
Comment 5•16 years ago
|
||
Should be able to know that there is a new version at least even if it is the extension in the sandbox.
Mmm, so I don't want to reopen this bug, but there's an additional issue -- an addon that's in the sandbox also can't have its version compat numbers changed, even if no new code is actually submitted. That should be a safe operation.
Comment 7•16 years ago
|
||
Vlad, I think version bumping in the sandbox should work, I've filed bug 435102 to help us track down and fix the issue.
Comment 8•16 years ago
|
||
I recognize that the adding on in the sand box is before a review basically. If a user install the add-ons of the sand box, and a user uses it, I think that it is necessary for the new version of the add-ons to know what is released at least. Because the user must know it quickly when some kind of bugs and a revision of the security matched. Otherwise the reason is because the user will continue using it with having had serious malfunction. Even if the automatic update is unnecessary, however, I think that it is necessary that It is notified of whether a new version is released at least.
I fully support Alice's request to at least NOTIFY the user... There is currently NO WAY for a user that has sandboxed extensions installed on his machine to perform a global check on updates, just to know which ones have evolved. It is a painful operation, extension after extension. Or maybe, more than just notifying, add the sandboxed new version to the list of to-be-updated extensions in the extension manager, but by UNCHECKING this extension in the list by default. Then no automatic update would occur, but the user can choose to include a new sandbox version all the same. Should a new bug be open for that simpler purpose?
Comment 10•15 years ago
|
||
I agree with Alice's request, specifically there should be a marking on the Tools, add-ons listing perhaps "Experimental" in red italics in describption area of list, or perhaps a solid green circle with a white "E" in lower right corner of the icon in listing. Would also like something that can be easily added to extensions such as InfoLister (https://addons.mozilla.org/firefox/447/)
Comment 11•15 years ago
|
||
I'm just going to quickly mention that the request to at least notify users of experimental addons of sandbox updates has been filed. https://bugzilla.mozilla.org/show_bug.cgi?id=481893
Assignee | ||
Updated•8 years ago
|
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•