W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2011

Re: [widgets] New Widget Update Types: Kill Switch and Patch

From: Scott Wilson <scott.bradley.wilson@gmail.com>
Date: Mon, 7 Feb 2011 12:46:49 +0000
To: public-webapps WG <public-Webapps@w3.org>
Message-Id: <1426C7D8-C0E0-412D-9C15-CE5A0509E5DF@gmail.com>
I really like the Kill Switch/EOL idea and having a "type" attribute to specify it, but I'm concerned that the Patch type could be a bit more problematic to get consistently implemented.

On 6 Feb 2011, at 17:15, Marcos Caceres wrote:

> Opera would like to discuss adding the following attribute to the update-info element of the widget Updates specification: "type".
> 
> Details below...
> 
> == The type attribute==
> 
> The type attribute serves to inform the user of the type of update that will potentially be performed on a widget. The type range from "update", "patch", or "eol" (end of life/kill switch). For backwards compatibility, when the attribute is missing or in error, the default behavior is to behave as an update - like we currently do today (see Update below).
> 
> <update-info xmlns="http://www.w3.org/ns/widgets"
>             type="update|patch|eol"/>
> 
> 
> === Update ==
> An update is a completely new version of the widget, where all the files of the widget are replaced with the files contained in update. Effectively, an update causes all the files in an installed widget to be deleted, and a new widget to be installed in its place. Only the widget's id and Storage data remain from one version to the next. This is the current and default behavior.
> 
> Requirement: when the type attribute is missing, the user agent assumes this an "update". Updates are always applied when the mime type of an update is application/widget.
> 
> Example:
> <update-info xmlns   = "http://www.w3.org/ns/widgets"
>             src     = "https://w.example.com/2.1/RC/app.wgt"
>             version = "2.0"
> 	     type="update">
>  <details>
>    Totally awesome new version!
>  </details>
> </update-info>
> 
> == Patch ==
> A "patch" is a partial update to only some files in a widget. Consider the use case below.
> 
> Patch Use Case: I have a cookbook extension that contains a bunch of videos, audio, and graphics inside the widget (~500Mb). I've updated the javascript, in only one file (say ~5kb worth of changes) and added/updated localized content. As a developer, I only want to patch the affected file without having to send the whole widget package as an "update". A patch would only add or replace files already contained in the widget package.
> 
> Requirements:
> 1. Must work with the digital signing scheme for widgets. If the update is patching a digitally signed widget, then the patch must contain a new signature over every file in the widget that is equivalent to the widget having been updated.	
> 
> Question: Do we need a new mime type for this? (e.g., application/widget-patch).
> 
> Example:
> <update-info xmlns   = "http://www.w3.org/ns/widgets"
>             src     = "https://w.example.com/2.1/RC/app.wgt"
>             version = "2.1"
> 	     type="patch">
>  <details>Fixed bugs and localized some content</details>
> </update-info>
> 
> 
> === End of Life - Kill Switch ===
> The "eol" (end of life) update allows developers to indicate that they are no longer maintaining a widget or provides a means for developers and web site owners to warn users of malicious widgets (or widgets that may have some other issue). In any case, it serves as a kind of "kill switch".
> 
> Use case - end of life: As a developer, I create widget X for user Y that allows them to access temporary service Z. Service Z is only around for 24 hours and widget X is useless without service Z. When widget X updates itself after 24 hours, I send an "eof" update informing that user that the widget's usefulness has run out. The user can then uninstall the widget.
> 
> Use case - kill switch: As someone that runs a catalog, I discover that widget X is malware. Because widget X is served from my catalog and gets its updates from my repo, I can mark the next update to be "eol". I also include a description for the author informing them about what issues where found.
> 
> Example:
> <update-info xmlns   = "http://www.w3.org/ns/widgets"
>             version = "2.0"
> 	     type="eol">
>  <details>
>    A serious security issue was found in this widget.
>    It is highly recommended you uninstall it.
>  </details>
> </update-info>
> 
> 
> -- 
> Marcos Caceres
> Opera Software
> 



Received on Monday, 7 February 2011 12:47:24 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:43 GMT