reduzent
commented
2 years ago This is now addressed with commits 5adf5dff888e5c119b5d18e3a03db42c0e24f4c6, f5cc50ad748c6109a37c3d7804383a9b4dc4369b, and e0894fc25c5e89907bc3903109a0b863cdbc2557
What it basically does, is to set unpatch's [netpd-find-sync] to 'unready' whenever an upgrade or download is denied. This makes unpatch not respond anymore to sync requests, which means it is not sharing any session data and thus looks to others as it wouldn't be there.
Since recently netpd asks the user if a certain instrument or abstraction should be upgraded if remote loaded a newer version (or if there is no local version at all). While this prohibits unknown code to be loaded silently, which certainly is desired from a security point of view, it brings its own set of problems. If a download/upgrade is refused by the local user, consistency among peers break since local and remote do not have the same versions of instruments or abstractions thereof loaded. This is fine for the local user because they decided to break consistency. However, unpatch of the local user should not advertise itself as ready for other peers because it cannot deliver the newest available version used in the current session. unpatch should have a mechanism to prevent itself from advertising itself to other peers as soon as one or more downloads/upgrades have been refused.