#7534 NORM Retriag: Safer to always install, rather than comparing versions

Zarro Boogs per Child bugtracker at laptop.org
Thu Jul 17 11:24:57 EDT 2008 

#7534: Safer to always install, rather than comparing versions
---------------------------+------------------------------------------------
   Reporter:  homunq       |       Owner:  marco            
       Type:  defect       |      Status:  new              
   Priority:  normal       |   Milestone:  Retriage, Please!
  Component:  sugar        |     Version:  not specified    
 Resolution:               |    Keywords:  8.2? r?          
Next_action:  communicate  |    Verified:  0                
  Blockedby:               |    Blocking:                   
---------------------------+------------------------------------------------

Comment(by homunq):

 Replying to [comment:6 morgs]:
 > Since Develop isn't in Sucrose yet, what is the rationale for including
 this in 0.82? Who will it affect?
 >

 I'm sorry, I explained that in the email, but not here in the bug.

 The only circumstance when this change makes a difference is when the user
 manually resumes an xo bundle from the journal which has the same version
 number as the installed version. In that circumstance, the install
 currently silently fails, as it presumes same version number means same xo
 bundle. This assumption, and thus this behaviour, is dangerous - the
 effect would be to silently "block out" the installation of a specific
 bundle version. The workaround would be simple, but the diagnosis would be
 hard in the field; it could arise from malice, individual error, or even
 countrywide error (country X creates a "new version" with changed icons,
 later a crucial security fix collides with the country X version
 number...).


 > While I am not in agreement with accepting this feature at this time as
 there is no analysis of what the side effects might be, the patch should
 at least include a docstring or comment explaining the purpose of the
 method and what was removed (with the ticket number) so that a future
 maintainer can understand why there is now such a pointless method.
 Alternatively, refactor the method out completely.

 I think refactoring it out is not correct - we should leave it for later,
 when there is a cryptographically valid way of checking whether an install
 would be pointless. Therefore, I will fix the patch to use a docstring.

 As to analysis of the side effects, I have grepped the whole codebase for
 calls to this function. It is called in only one place: in datastore.py
 DSObject.resume(). This is, in turn, called only from in the journal and
 the clipboard, in the obvious places. The downside is only that manually
 reinstalling the same bundle will actually reinstall it, instead of
 quickly and silently deciding not to - which seems to me a non-helpful
 optimization, since the time it saves will be orders of magnitude less
 than the debugging time it causes.

 >
 > Finally, please follow the code review procedure at
 http://wiki.sugarlabs.org/go/DevelopmentTeam/CodeReview and provide a test
 case that QA can follow.

 to follow.

-- 
Ticket URL: <http://dev.laptop.org/ticket/7534#comment:7>
One Laptop Per Child <http://laptop.org/>
OLPC bug tracking system

More information about the Bugs mailing list