Opera would like to discuss adding the following attribute to the
update-info element of the widget Updates specification: "type".
Details below...
== The type attribute==
The type attribute serves to inform the user of the type of update that
will potentially be performed on a widget. The type range from "update",
"patch", or "eol" (end of life/kill switch). For backwards
compatibility, when the attribute is missing or in error, the default
behavior is to behave as an update - like we currently do today (see
Update below).
<update-info xmlns="http://www.w3.org/ns/widgets"
type="update|patch|eol"/>
=== Update ==
An update is a completely new version of the widget, where all the files
of the widget are replaced with the files contained in update.
Effectively, an update causes all the files in an installed widget to be
deleted, and a new widget to be installed in its place. Only the
widget's id and Storage data remain from one version to the next. This
is the current and default behavior.
Requirement: when the type attribute is missing, the user agent assumes
this an "update". Updates are always applied when the mime type of an
update is application/widget.
Example:
<update-info xmlns = "http://www.w3.org/ns/widgets"
src = "https://w.example.com/2.1/RC/app.wgt"
version = "2.0"
type="update">
<details>
Totally awesome new version!
</details>
</update-info>
== Patch ==
A "patch" is a partial update to only some files in a widget. Consider
the use case below.
Patch Use Case: I have a cookbook extension that contains a bunch of
videos, audio, and graphics inside the widget (~500Mb). I've updated the
javascript, in only one file (say ~5kb worth of changes) and
added/updated localized content. As a developer, I only want to patch
the affected file without having to send the whole widget package as an
"update". A patch would only add or replace files already contained in
the widget package.
Requirements:
1. Must work with the digital signing scheme for widgets. If the
update is patching a digitally signed widget, then the patch must
contain a new signature over every file in the widget that is equivalent
to the widget having been updated.
Question: Do we need a new mime type for this? (e.g.,
application/widget-patch).
Example:
<update-info xmlns = "http://www.w3.org/ns/widgets"
src = "https://w.example.com/2.1/RC/app.wgt"
version = "2.1"
type="patch">
<details>Fixed bugs and localized some content</details>
</update-info>
=== End of Life - Kill Switch ===
The "eol" (end of life) update allows developers to indicate that they
are no longer maintaining a widget or provides a means for developers
and web site owners to warn users of malicious widgets (or widgets that
may have some other issue). In any case, it serves as a kind of "kill
switch".
Use case - end of life: As a developer, I create widget X for user Y
that allows them to access temporary service Z. Service Z is only around
for 24 hours and widget X is useless without service Z. When widget X
updates itself after 24 hours, I send an "eof" update informing that
user that the widget's usefulness has run out. The user can then
uninstall the widget.
Use case - kill switch: As someone that runs a catalog, I discover that
widget X is malware. Because widget X is served from my catalog and gets
its updates from my repo, I can mark the next update to be "eol". I also
include a description for the author informing them about what issues
where found.
Example:
<update-info xmlns = "http://www.w3.org/ns/widgets"
version = "2.0"
type="eol">
<details>
A serious security issue was found in this widget.
It is highly recommended you uninstall it.
</details>
</update-info>
--
Marcos Caceres
Opera Software