Open matteodelabre opened 3 years ago
As a user this idea makes me feel a bit uncomfortable, although I understand the reasoning behind it. Is it possible to create a setting to disable the auto-fetch feature for those that don't want it?
Yes, it would be possible to disable it.
Ideally we'd have to put together some type of signing mechanism to ensure that it's only pulling down signature definitions that are known to be trusted. That said, due to the type of data being used here and the validation being done on the data, I'd assume that it's less of a security risk.
Would a package that is just data definitions be possible? If it's just additive, it could be easy to fast track release in Toltec possibly? I don't know how often they update things, but like tzdata, it could be pushed regularly without much testing?
We would want a solution that works for both installs in Toltec, as well as users who install manually.
It would probably make sense to just try to pull down the address definition for the specific OS version, instead of the full list each time. This would also need to have a version number gate on it to have it gracefully quit if the version of rm2fb doesn't support the address definitions required.
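A sketch of the version gate and data validation discussed in the comments above, added here as an example and not taken from rm2fb's code. The line-based `key value` format, the `format` and `os` keys, `kSupportedFormat` and all function names are assumptions made for illustration; checking a signature on the fetched file is left out because it needs a crypto library.

```cpp
#include <cctype>
#include <cstdint>
#include <map>
#include <sstream>
#include <string>

constexpr int kSupportedFormat = 2;  // hypothetical: newest format this build understands
enum class Load { Ok, TooNew, WrongOs, Malformed };
using Addrs = std::map<std::string, std::uint32_t>;

// Strict "0x" + 1..8 hex digits: signs, stray characters and overflow are rejected.
static bool parse_addr(const std::string& s, std::uint32_t& out) {
    if (s.size() < 3 || s.size() > 10 || s.compare(0, 2, "0x") != 0) return false;
    for (std::size_t i = 2; i < s.size(); ++i)
        if (!std::isxdigit(static_cast<unsigned char>(s[i]))) return false;
    out = static_cast<std::uint32_t>(std::stoul(s.substr(2), nullptr, 16));
    return out != 0;  // assumption: a zero address is never valid
}

// Gate on the format number first, then validate each line, then match the OS.
Load load_definition(const std::string& text, const std::string& running_os, Addrs& out) {
    std::istringstream in(text);
    std::string line, os;
    int format = 0; Addrs addrs;
    while (std::getline(in, line)) {
        std::istringstream ls(line);
        std::string key, value, extra;
        if (!(ls >> key)) continue;  // blank line
        if (!(ls >> value) || (ls >> extra)) return Load::Malformed;
        if (format == 0) {  // the first entry must be the gate
            std::istringstream fs(value);
            if (key != "format" || !(fs >> format) || !fs.eof() || format < 1) return Load::Malformed;
            if (format > kSupportedFormat) return Load::TooNew;  // quit before reading an unknown layout
        } else if (key == "os") {
            os = value;
        } else {
            std::uint32_t a = 0;
            if (!parse_addr(value, a) || !addrs.emplace(key, a).second) return Load::Malformed;
        }
    }
    if (format == 0 || os.empty() || addrs.empty()) return Load::Malformed;
    if (os != running_os) return Load::WrongOs;
    out.swap(addrs);  // the caller's map changes only on full success
    return Load::Ok;
}

int main() {  // constructed sample, not a real rm2fb definition
    Addrs a;
    return load_definition("format 1\nos 9.9.9.9\nupdate 0x1000\n", "9.9.9.9", a) == Load::Ok ? 0 : 1;
}
```

Any result other than `Load::Ok` leaves the caller's map untouched, so a definition that is too new, malformed, or for another OS version can be skipped without affecting the addresses already in use.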
@Eeems suggested on Discord to make rm2fb automatically fetch the address definitions from a remote server when they are missing. This would make adapting rm2fb to new OS releases easier, since we’d just need to update the remote file and we wouldn’t need to publish new releases/package versions.