ipfs / ipfs-desktop

An unobtrusive and user-friendly desktop application for IPFS on Windows, Mac and Linux.
https://docs.ipfs.tech/install/ipfs-desktop/
MIT License
6.01k stars 865 forks

Option to opt-out from auto-updates #1695

Open MicahZoltu opened 4 years ago

MicahZoltu commented 4 years ago

Is your feature request related to a problem? Please describe.
I was trying to use IPFS Desktop, but an update was available. I was not in a position where updating at the moment would be convenient, but there was no way to cancel/delay the auto-update, it was forced on me if I wanted to continue using IPFS Desktop.

Describe the solution you'd like
When an update is available, I should be able to decline to update and continue using the application until such time as I'm ready to update. A nag at launch would be fine, though I should be able to tell it how long until it nags me again (e.g., delay for 1 day, or delay for 1 week).

Describe alternatives you've considered
I tried to do the auto-update but it failed! This is related to another bug that is allegedly fixed in this version.

Additional context
Auto-updates mean I cannot wait until after the update has been validated by my trust network. This means I have to implicitly trust whoever controls the other end of the endpoint, which is bad for security against motivated attackers as they only need to control the auto-update endpoint for a handful of hours to compromise many people. With updates spread out based on user decisions, the impact of taking over the endpoint is muted substantially.

lidel commented 4 years ago

> I was trying to use IPFS Desktop, but an update was available. I was not in a position where updating at the moment would be convenient, but there was no way to cancel/delay the auto-update, it was forced on me if I wanted to continue using IPFS Desktop.

This behavior changed in v0.13.1. Starting with that version, Windows users are no longer forced to apply the update when it arrives; you only get a notification that the update will be applied when the app exits.

You can test by manually installing v0.13.1 and waiting for it to detect v0.13.2.

> With updates spread out based on user decisions, the impact of taking over the endpoint is muted substantially.

This is an interesting trade-off. Right now autoupdate checks are already spread out over a 12-hour window; we could increase it to 24 hours. But by doing so, we make it harder to compromise users but also harder to apply any security fixes in the future.

Thoughts on what would be a sensible interval for the autoupdate check?

> Auto-updates mean I cannot wait until after the update has been validated by my trust network.

This is a valid feature request. It would also mitigate any problems with the autoupdate mechanism (like the "infinite loop" we fixed recently on Windows).

I believe we should make it possible for the user to opt-out from automatic updates if they choose to do so.

@jessicaschilling @rafaelramalho19 thoughts on where to put it and how to label it? "Automatically check for updates" in the "Settings" menu?

jessicaschilling commented 4 years ago

Could look like this in the prefs menu -- note that this mockup also includes other amendments to prefs currently in the issue queue, so that menu is starting to get lengthy.

image
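The trade-off discussed in this thread (an opt-out setting, snoozing the prompt for a day or a week, and spreading checks over a 12 or 24 hour window), as an added example that is not part of the issue or of IPFS Desktop's code. The settings keys and function names are hypothetical, and the client list is constructed.

```javascript
// Added example: names and settings keys are hypothetical, not IPFS Desktop's.
const HOUR = 60 * 60 * 1000;
const SNOOZE_MS = { day: 24 * HOUR, week: 7 * 24 * HOUR };

// Pick a check time at a random offset inside the window, so clients are
// spread out instead of all contacting the update endpoint at once.
function nextCheckAt(now, windowHours, rand = Math.random) {
  return now + Math.floor(rand() * windowHours * HOUR);
}

// Record the user's "remind me later" choice.
function snooze(settings, now, period) {
  if (!Object.prototype.hasOwnProperty.call(SNOOZE_MS, period)) {
    throw new RangeError(`unknown snooze period: ${period}`);
  }
  return { ...settings, snoozedUntil: now + SNOOZE_MS[period] };
}

// Decide whether a client contacts the update endpoint at time `now`.
function decide(settings, now) {
  if (!settings.autoUpdateEnabled) return { action: 'skip', reason: 'opted-out' };
  if (settings.snoozedUntil && now < settings.snoozedUntil) {
    return { action: 'skip', reason: 'snoozed' };
  }
  return { action: 'check', reason: 'due' };
}

// Count clients that would fetch an update while the endpoint is under
// someone else's control for `compromiseHours` starting at `start`.
function exposedClients(clients, start, compromiseHours, windowHours, rand = Math.random) {
  const end = start + compromiseHours * HOUR;
  return clients.filter((settings) => {
    const checkAt = nextCheckAt(start, windowHours, rand);
    return checkAt < end && decide(settings, checkAt).action === 'check';
  }).length;
}

// Constructed sample: 1000 clients, 10% opted out, 4-hour compromise.
const sample = Array.from({ length: 1000 }, (_, i) => ({ autoUpdateEnabled: i % 10 !== 0 }));
for (const windowHours of [12, 24]) {
  console.log(`${windowHours}h window:`, exposedClients(sample, 0, 4, windowHours), 'of 1000 exposed');
}
```

A wider window lowers the count for a short compromise, but as noted in the thread it delays legitimate security fixes by the same factor.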