MetaMask / metamask-extension

:globe_with_meridians: :electric_plug: The MetaMask browser extension enables browsing Ethereum blockchain enabled websites
https://metamask.io

Provide a user-accessible way to revert to older MM version #10105

Open wbt opened 3 years ago

wbt commented 3 years ago

Describe the bug

Especially lately, MetaMask has been forcing updates that break dApps without notice. For example:

More breaking changes are coming soon, planned and unplanned. dApp developers have had notice for breaking changes of #8077 which will be rolled out soon, but not for these others. Users typically get no notice of breaking changes.

Unplanned breaking changes seem to happen often in modern software, even software from major companies. In npm, which many developers who develop alongside MetaMask are familiar with, a very intentional design decision was made to allow the user of a software package the freedom to choose exactly which version to use. Then if a package author releases a change with defects that accidentally break things, the user can easily revert back and continue with the previous utility value of the package while the package maintainers have some time to address the bug. Even standalone software in this space (e.g. geth) makes previous versions available for download, allowing users to revert back as a quick workaround to new issues while a fix or better workaround can be developed.

Unless I'm missing something (which I hope I am), with MetaMask, there is exactly ONE version that users can access and install, and it's automatically updated to newer latest versions with no option for user control. If a MetaMask update breaks a dApp you want to use, oh well, you just have to wait, maybe weeks, for a fix to be developed, and just can't use the dApp in the meantime. If you are a developer yourself, you might be able to figure out a workaround or how to download MetaMask source, build it, and install it, overcoming various security warnings along the way. However, at least in our objectives as a developer ecosystem, most MetaMask/dApp users are not developers. MetaMask is nominally targeted at making dApps easier for non-developers to use.

If it hasn't happened already, this situation is just begging for a scammer to come in and take advantage. They can build an SEO-optimized site advertising older versions of MetaMask for easy download and install, and since no similar page is available from official developers, it would get traffic and use. The scammer's versions would likely work just as one would expect except some insidious side effects like siphoning off private keys to the scammer's server. This is a security issue. I could probably have a very profitable holiday break putting that together if this description isn't enough to lead the core team to take the Issue seriously, but I would much prefer this be resolved in an open way that helps build an ecosystem of trust and usability, even in the face of imperfect software developers.

In this issue, I propose two changes:

  1. An option to download and install an older version of MetaMask, probably similar to the UI/UX around installing an older version of Firefox (go to a Web page and select a release, click to download and install from there).
  2. An option somewhere in the UI to make MetaMask not auto-update until after some specified date, maybe with buttons to push that off for a week or a month.

Part 2 is needed for part 1 to be effective, so that the older version selected in part 1 isn't immediately overwritten with the latest buggy version which motivated the user to pursue part 1. Part 2 might only be able to hold users at a version after that feature is added, but this should be as soon as possible; breaking changes are apparently going to keep coming despite the best effort of MetaMask's developers.

Steps to reproduce

Develop a dApp which uses MetaMask and put it out there for users, even a very small group of users. Observe what a high percentage of breakage complaints are traced back to MetaMask defects.

Expected behavior

Ideally, better MetaMask testing before release and auto-update, but that should be created as a separate Issue, and would only reduce rather than completely obviate the need for this one. This one is about allowing user control over which version of MetaMask they have installed, without requiring the user to build from source.

Gudahtt commented 3 years ago

First off, I'd like to apologize for those breaking changes. They of course were unintended. We put a lot of work into preventing regressions like those, but clearly we aren't doing enough. I will do everything I can to improve our track record here going forward.

Second, I'll clarify a few things about how our update process works. As a browser extension, we have very limited control over when our updates occur and how they happen. We publish the extension on both Chrome and Firefox, and neither browser allows users to opt-in to getting updates. If we want to update the extension at all, everyone will eventually get it. The user can turn off automatic updates, but even still they can't pick and choose which version they want, they just stop getting updates. Neither of the options you have presented are made possible by either browser.

We have been considering creating a "beta" stream for the extension to make it easier for our users to test new releases. But this idea is complicated for various technical and extension store policy reasons, so we're still not sure how effective or feasible it would be. Even that idea wouldn't necessarily help for bug fix releases that we need to release directly to production, and it would only help insofar as people were willing to volunteer to test the beta. Still, it's something we're actively considering.

There is one "official" way of installing the extension that does allow complete user control over the version, and that is to install the release directly from the Releases page. We generally don't recommend that users install the extension manually, because users can be tricked by phishers into installing fake extensions this way as well. But, if you are going to go this route, this Releases page is the definitive place to download each release.
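
The comment above points users who insist on the Releases-page route at the one definitive download location and warns that manual installs are exactly what phishers imitate. The script below is an added example, not part of this issue and not MetaMask project code: it refuses a zip whose download URL is not under the project's own GitHub Releases path, compares the file against a SHA-256 digest the user recorded beforehand from a trusted source, and confirms that the manifest inside carries the version the user actually selected. The release tag and asset file name are hypothetical placeholders, the sample zip is constructed for the demonstration, and the assumption that production manifests name the extension "MetaMask" is labelled in the code.

```python
"""Pre-install checks for a manually downloaded MetaMask release zip.

Added example, not MetaMask project code. Assumptions: the asset was
fetched from the GitHub Releases page of MetaMask/metamask-extension
(GitHub serves release assets under /OWNER/REPO/releases/download/TAG/),
and the user has recorded a SHA-256 digest from a trusted source. The
sample zip built below is constructed for the demonstration and holds
only a manifest.json.
"""
import hashlib
import io
import json
import zipfile
from typing import List, Optional
from urllib.parse import urlparse

OFFICIAL_HOST = "github.com"
OFFICIAL_PATH_PREFIX = "/MetaMask/metamask-extension/releases/download/"


def is_official_release_url(url: str) -> bool:
    """True only for an https URL under the project's own Releases path.

    This is the check against the look-alike download sites the issue
    warns about: an asset from any other origin is rejected outright.
    """
    parts = urlparse(url)
    return (
        parts.scheme == "https"
        and parts.netloc.lower() == OFFICIAL_HOST
        and parts.path.startswith(OFFICIAL_PATH_PREFIX)
    )


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def read_manifest(zip_bytes: bytes) -> dict:
    """Parse manifest.json from a WebExtension zip held in memory."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        with zf.open("manifest.json") as fh:
            return json.load(fh)


def verify_release_zip(zip_bytes: bytes, url: str, expected_version: str,
                       expected_sha256: Optional[str]) -> List[str]:
    """Return the list of problems found; an empty list means install is OK."""
    problems: List[str] = []
    if not is_official_release_url(url):
        problems.append(f"download URL is not the official Releases page: {url}")
    if expected_sha256 is not None and sha256_hex(zip_bytes) != expected_sha256.lower():
        problems.append("SHA-256 of the zip does not match the recorded digest")
    try:
        manifest = read_manifest(zip_bytes)
    except (zipfile.BadZipFile, KeyError, json.JSONDecodeError) as exc:
        problems.append(f"not a readable WebExtension zip: {exc}")
        return problems
    # The version chosen on the Releases page must be the one inside the zip.
    if manifest.get("version") != expected_version:
        problems.append(
            f"manifest version {manifest.get('version')!r} != {expected_version!r}")
    # Name check is deliberately loose (assumed: production manifests name the
    # extension "MetaMask"); it catches obvious renames, not careful forgeries.
    if "MetaMask" not in str(manifest.get("name", "")):
        problems.append(f"unexpected extension name {manifest.get('name')!r}")
    return problems


def build_sample_zip(version: str, name: str = "MetaMask") -> bytes:
    """Constructed stand-in for a release asset: a zip holding one manifest.json."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("manifest.json", json.dumps(
            {"manifest_version": 2, "name": name, "version": version}))
    return buf.getvalue()


if __name__ == "__main__":
    # Hypothetical tag and asset name; substitute the real ones from the Releases page.
    OFFICIAL_URL = ("https://github.com/MetaMask/metamask-extension/releases/"
                    "download/v8.1.3/metamask-chrome-8.1.3.zip")
    LOOKALIKE_URL = "https://metamask-old-versions.example/metamask-chrome-8.1.3.zip"
    asset = build_sample_zip("8.1.3")
    pinned = sha256_hex(asset)  # in practice: recorded from a trusted source beforehand
    print("official:", verify_release_zip(asset, OFFICIAL_URL, "8.1.3", pinned))
    print("lookalike:", verify_release_zip(asset, LOOKALIKE_URL, "8.1.3", pinned))
    print("wrong version:", verify_release_zip(asset, OFFICIAL_URL, "8.1.2", pinned))
```

The digest comparison is only as trustworthy as the place the digest came from, so record it from the Releases page itself (or a checksum published there), never from the site that served the zip. The URL check guards against the wrong source, not against a compromised official one, and none of this replaces the signature and store checks the browser performs on store-installed extensions; it is the minimum a user should do before side-loading an older build.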

avoyager commented 3 years ago

> The user can turn off automatic updates, but even still they can't pick and choose which version they want, they just stop getting updates.

@Gudahtt How can a user turn off automatic updates on Chrome for MetaMask, as this is a major security risk if the MetaMask dev team gets hacked and a malicious update gets pushed to all users?