| 123456789101112131415161718192021222324252627282930313233343536373839 |
- Notes on an auto updater:
- steve wants a "latest" symlink so he can always just fetch that.
- roger worries that this will exacerbate the "what version are you
- using?" "latest." problem.
- weasel suggests putting the latest recommended version in dns. then
- we don't have to hit the website. it's got caching, it's lightweight,
- it scales. just put it in a TXT record or something.
- but, no dnssec.
- roger suggests a file on the https website that lists the latest
- recommended version (or filename or url or something like that).
- (steve seems to already be doing this with xerobank. he additionally
- suggests a little blurb that can be displayed to the user to describe
- what's new.)
- how to verify you're getting the right file?
- a) it's https.
- b) ship with a signing key, and use some openssl functions to verify.
- c) both
- andrew reminds us that we have a "recommended versions" line in the
- consensus directory already.
- if only we had some way to point out the "latest stable recommendation"
- from this list. we could list it first, or something.
- the recommended versions line also doesn't take into account which
- packages are available -- e.g. on Windows one version might be the best
- available, and on OS X it might be a different one.
- aren't there existing solutions to this? surely there is a beautiful,
- efficient, crypto-correct auto updater lib out there. even for windows.
|
