IRCaBot 2.1.0
GPLv3 © acetone, 2021-2022
#i2p-dev
/2024/05/20
zzz eyedeekay, thanks for the two MR reviews last week, but please don't stop, that's not all of them
zzz eyedeekay, re: roadmap item 'plugin update via torrent'
zzz you have a writeup or proposal on how that would work?
zzz if so, we should review; if not, seems unlikely for the next release. I don't think we have all the pieces atm to implement it easily.
eyedeekay Ack I'll do the other 3 of them today, just got some more to say about the one about the OBEP
zzz thanks eyedeekay
zzz and your thoughts on plugin torrents? I see sadie is pimping blizzard this morning...
eyedeekay I think you might be right about 2.6.0 and plugin torrents, I have a way of doing it that I experimented with in i2p.plugins.firefox but it's turned into a bit of a hackjob
eyedeekay Blizzard probably doesn't need a torrent as bad as some of the others
eyedeekay i2p.plugins.firefox rarely updates over I2P successfully because it's fairly huge, it's where my main interest in such a feature comes from
zzz what I'm getting at is...
zzz update subsystem is generic, but how would clients authoritatively discover versions/infohashes?
dr|z3d per-plugin news.xml feed?
zzz seems like anything you have in mind would be a new spec or an update to an existing one
eyedeekay Right now how I'm doing it is looking for a torrent on the server right next to the su3 itself, so if there's i2p.plugins.firefox.su3 and it sees that there's also i2p.plugins.firefox.su3.torrent, it downloads the torrent first, adds the http address of the regular su3 as a web seed, and downloads it
zzz -> doc or proposal, -> no way to implement of 2.6.0 unless you have it at the ready to spring on us
eyedeekay But notifying the update subsystem that it's downloaded was a problem, and what I just described^above I now consider a hackjob
eyedeekay dr|zed probably something like that
eyedeekay Not in it's current form
zzz feeds per-plugin, or per-author, or add to the main news feed, there are tradeoffs and policy issues
zzz a .torrent file doesn't have a version number in it, which is problematic
dr|z3d that can be addressed with a _version_string at the end of the torrent name, assuming the update path is secure.
zzz messy and not signed/authenticated
dr|z3d or it could have something added to the metainfo, perhaps?
eyedeekay zzz's right, right now there's a lot of precise "the torrent must be of exactly this form and exactly this path" stuff to make the hackjob work
zzz nonstandard drz
eyedeekay No version, no way to check the version until after the download is done
zzz if an authoritative list goes in the main feed then that solves the plugin discoverability problem, at least for plugins we deem worthy, but that somewhat contradicts our original ethos
dr|z3d this all seems a bit non-standard tbh, so something signed in the metainfo might be the way to go, or just a version suffix on the torrent name, if the update path is secure. I get the impression standards are about to be extended/reforged/mangled :)
dr|z3d the question I'm asking myself is, is it worth the hassle, when most plugins work fine with the current system.
zzz the proper way to discover authoritative version and sources is with a signed feed.
zzz the current method of getting the first 56 bytes dates back to the .sud format that we carefully preserved in .su3
dr|z3d sure, that's the news.xml per-plugin, presumably, or as you're suggesting as an alternative, per-author.
zzz we should not attempt to port that hack to torrent files
eyedeekay Personally I don't like putting them in the main feed, IMO that seems like a barrier which would annoy me if I didn't sign the feeds
eyedeekay IMO signed feed per-plugin is intuitive, but per-author(or is it "per-set of plugin keys") intrigues me, I hadn't considered it yet
zzz anyway that's your obstacle. The update subsystem itself is generic, extensible, and able to handle anything you can define
zzz I suggest you write it up and get consensus before putting it on the roadmap though
dr|z3d here, kytv, so your plugins site doesn't look like a refugee from 2014: cake.i2p/file/0lIVtYbs8S_Jx2qcsraZ6Y9wgNYspGK2Vvjb7JG1M_jijO13h1xb/plugins-i2p.zip