On 7/12/2013 12:49 PM, Gervase Markham wrote:
> We keep hitting cases where we would like Firefoxes in the field to have
> some data updated using a process which is much lighter in expended
> effort than shipping a security release. Here are some examples of the
> data Firefox stores that I know of which might benefit from this:
>
snip
> - Addon and plugin blacklists
These are already loaded dynamically.
> - The default prefs file
Unless there is a much clearer use case for this, I strongly oppose
trying to lump default prefs in with any of the rest of these. In the
case of a specific release issue where a feature needs to be disabled,
we can accomplish this using hotfix addons (at least for desktop; B2G
may not have hotfix capabilities but probably should grow them in 1.2 or
after).
>
> The question for webdev is: do we have existing services we can
> repurpose or tweak for this?
AMO serves the plugin/addon blocklists. Since the service is pretty
simple, though, I'm not sure that we would want to piggyback new data
types onto existing services.
An important aspect of this which was not mentioned is that if we're
going to start polling for more data, we should do a single poll, rather
than having separate pings for each data type. And since some of these
lists have the potential to be large, we may need to be careful to only
download them if there is actually an update, and decide on the policy
for downloading updates over paid (cellular) data versus wifi.
>
> v1 requirements:
>
> - File on disk at Firefox end gets replaced (and would be reloaded on
> restart)
I object to this requirement. This should be a per-profile item and we
should not be writing any files in the application directory. This is
necessary for many reasons including security and avoiding unwanted UAC
prompts, but also because altering installation files voids incremental
updates.
> - Ability to send different data to different clients
This needs to be fleshed out. On what data do you make this
determination, and how do you manage the backend for deciding which
clients get which pieces of data?
I think the general concept of making more of our "lists" be dynamic is
sound, but I'm very skeptical of the technical solution that you appear
to be outlining.
--BDS