Skip to content
This repository has been archived by the owner on Jan 25, 2022. It is now read-only.

Add plugin update mechanism #45

Open
danfinlay opened this issue Oct 3, 2019 · 4 comments
Open

Add plugin update mechanism #45

danfinlay opened this issue Oct 3, 2019 · 4 comments
Labels
discussion enhancement New feature or request PROD-BLOCKER Issues that need to be resolved before this branch would ever be eligible for production.

Comments

@danfinlay
Copy link
Collaborator

Static plugins have limited utility:

  • They cannot receive improvements
  • They cannot improve fixes
  • They cannot receive security improvements

For these reasons, we should not ship any plugin system without a robust plugin-update system.

This thread will serve as a place to discuss the beginnings of this aspect of the system.
@danfinlay danfinlay added enhancement New feature or request discussion PROD-BLOCKER Issues that need to be resolved before this branch would ever be eligible for production. labels Oct 3, 2019
@Bunjin
Copy link

Bunjin commented Oct 28, 2019
edited
Loading

I'm still working on it but I had a few ideas about adding 2 features which plugins can requestPermission to use :

  • Track updates (maybe makes this a base feature for any snaps): This will track the url (http, ipfs, ens) where the snap is hosted and it can detect that the plugin was updated (we may need to add some signature mechanism to make sure that the url wasn't hijacked). Then it can propose to the user to manually update the plugin (maybe by using a list of your snaps and showing which can be updated, a la app store)
  • Auto update: requires track updates, and will automatically update once a upgrade is detected. (can only happen if the set of requested permission for the new version is not growing)

@Bunjin
Copy link

Bunjin commented Oct 28, 2019
edited
Loading

Related question:
Did you guys think about a mechanism for snaps requiring other snaps? (similar to dependencies)
Imagine I need a state channel snap for my gaming or dex snap.
If so, then we need a way to specifiy which version of the dependency snap is being used. And then potentially to handle several versions of the same snap in case a snap that requires it hasn’t updated to the latest version

@danfinlay
Copy link
Collaborator Author

The versioning question is important, and we had a good thread in a DM about this, sharing a bit here for others.

Basically, we think dapps/snaps should be able to request a security model for a dependency, and the user should be able to heighten the security around it (like requiring confirmation to receive updates).

3 options there too from the user perspective:

  • refuse trackUpdates and thus autoUpdate
  • accept trackUpdates but update manually
  • accept autoUpdate (trackUpdate required)

@Bunjin Bunjin mentioned this issue Oct 29, 2019
Open
@Bunjin
Copy link

Bunjin commented Oct 29, 2019

Yes I'm making another issue with the discussion about the security and updating models for snaps dependencies.

#81

@danfinlay danfinlay mentioned this issue Nov 12, 2019
Closed
@rekmarks rekmarks mentioned this issue Nov 27, 2019
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
discussion enhancement New feature or request PROD-BLOCKER Issues that need to be resolved before this branch would ever be eligible for production.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@danfinlay @Bunjin