-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Backup solution when automatic update fails #345
Comments
Here's a proposal: Advise developers to add to their application's init code a snippet like this: if (![[SUUpdater sharedUpdater] isFunctioningProperly]) {
[[NSWorkspace sharedWorkspace] openURL:[NSURL URLWithString:@"https://example.com/update"]];
} and link the framework as optional. The
|
This is a really smart idea. +1 |
I will have to to run some experiments, but maybe some exception handling in SUUpdater - if an "emergency" URL is defined - could open the URL and maybe an alert instructing the user for the problem? I do like the idea of a fallback solution a lot. I am not sure about time issue - if the person prefers to close the internet connection/vacations/roaming or just poor network for a long period - this might do a false positive. Failing to update N times, definitively - I think this is might be more important then frameworks errors, and more unpredictable (security? crazy setup? bad permissions?) |
One thing to keep in mind: when servers get hacked (as it happened with Transmission for example), Sparkle users are safe, and only direct downloads get infected. But if we send users to the site to download files manually, then attackers can abuse that by deliberately breaking the feed to get more users directed to the infected website. So we can safely send users to the website in case Sparkle is broken on the client side (damaged framework, broken code signing), but need to carefully evaluate what to do in response to server-side errors (e.g. wait a few days? only redirect on manual check?) |
Whoa, good point. Didn't think that far. What about a hard-coded "Get in touch via email" option in some cases? (Will there be cases left where manual download is a good option at all, then?) Another option: tell them to manually download a new version but not open it directly for safety reasons, instead run it through a new Sparkle Failed Update Helper that does the safety checks. -- The problem with this even more complicated approach: it will also produce warnings when devs change signatures in cases of loss. |
e-mail is not a good option. It's not scallable for apps with many users, and teaching users to download things from strangers' e-mails is not a safe idea either. A helper that can securely verify a download is already like having half of Sparkle, so that's probably too much complexity for a fail-safe backup. |
We have info-only updates which handles a large portion of these cases.
|
I think it's best to just add safeguards against the most common ways integration of Sparkle fails that we see out in the field. |
One time I broke Sparkle integration in my application, I didn't notice the bug, and I've released an update to everyone that couldn't update itself. I've got all my users stuck on an old version :(
There are also other possible failure scenarios, e.g. an OS upgrade may break Sparkle in some way, developer may lose their private key, etc.
So I think there should be some bulletproof fallback solution, e.g. open URL to app's website when the app can't update itself, so the developer can explain the situation and offer manual download.
The text was updated successfully, but these errors were encountered: