#7713 NORM 8.2.0 (: Inconsitent behavior for activity installation

Zarro Boogs per Child bugtracker at laptop.org
Wed Aug 6 14:21:16 EDT 2008


#7713: Inconsitent behavior for activity installation
----------------------+-----------------------------------------------------
   Reporter:  erikos  |       Owner:  marco               
       Type:  defect  |      Status:  new                 
   Priority:  normal  |   Milestone:  8.2.0 (was Update.2)
  Component:  sugar   |     Version:  Git as of bug date  
 Resolution:          |    Keywords:  8.2.0:?             
Next_action:  design  |    Verified:  0                   
  Blockedby:          |    Blocking:                      
----------------------+-----------------------------------------------------

Comment(by Eben):

 Replying to [comment:4 cscott]:
 > Having looked at the code, it doesn't seem like we actually support
 having multiple versions of the same activity installed yet.  We would
 need to tweak the directory into which the .xo unpacks as well as add
 'version' parameters to a number of API methods which currently only take
 bundle_ids.

 That's right.

 > So it seems like 'upgrade' is the right solution for now.  Hopefully in
 9.1 we can fix the API issues and actually support multiple versions
 concurrently.

 Definitely.  We've recently been discussing that, upon activity upgrade,
 the bundle should also be starred according to the previously installed
 version.

 > But I'm not entirely clear what question erikos is asking.  There are
 some security issues involving bundle installation that require an
 affirmative action by the user in the journal, but michael assures me that
 installing an activity does involve executing any of its code, and so it
 should be safe just to install/upgrade the activity as soon as it is
 placed in the Journal. (In the 9.1 time frame I hope that we will be able
 to execute activities directly from their representation in the datastore,
 avoiding this 'installation' step.)

 This is not true now?  The whole point of exposing the bundle directly in
 the Journal is to allow one to open a "clean instance" of the activity.
 What happens when you click on a bundle now, if it doesn't launch the
 activity?

 > BUT for library bundles, installing does involve executing code, so it's
 not necessarily safe to install them without explicit confirmation from
 the user.  (This is a bug; installing libraries should not require
 executing code.)

 Yeah, good point.  I wasn't aware of this.

-- 
Ticket URL: <http://dev.laptop.org/ticket/7713#comment:5>
One Laptop Per Child <http://laptop.org/>
OLPC bug tracking system


More information about the Bugs mailing list