Make guided package installs the default for updating packages

[zorgiepoo]

Interactive package installs now need to be opted into (foo.sparkle_interactive.pkg or foo.sparkle_interactive.mpkg)

The website documentation may need to be updated later, and this should be noted as an important point in the change log.

[kornelski]

You've mentioned that people were publicly serving the installer under the same sparkle_guided name as it's used for Sparkle. We could expect people to reuse the same URL the other way too.

Given that, could we use another, more neutral name for this? (*.installer.pkg?) Maybe another opt-in method?

[zorgiepoo]

You've mentioned that people were publicly serving the installer under the same sparkle_guided name as it's used for Sparkle. We could expect people to reuse the same URL the other way too.

It's not the URL, but the filename after being unarchived that's important. People would still need to serve sparkle_guided for a while I guess for older Sparkle versions.

Given that, could we use another, more neutral name for this? (*.installer.pkg?) Maybe another opt-in method?

Are you suggesting to rename sparkle_interactive to installer? Not sure if that would make more sense, or if I'm not following.

[kornelski]

Sorry, s/URL/filename/. I mean that it ends up being a user-visible name.

Yes, I've meant renaming sparkle_interactive. This name is odd outside context of the appcast. A name like foo.installer.pkg is a bit more neutral from user perspective.

But maybe instead of using filename at all, we should change the flag to use be appcast element or an attribute? e.g. sparkle:install="interactive"?

[zorgiepoo]

Yes, I've meant renaming sparkle_interactive. This name is odd outside context of the appcast. A name like foo.installer.pkg is a bit more neutral from user perspective.

That makes sense from a user-perspective. From a developer perspective, it's guided vs interactive. So, sure, we could rename it.

But maybe instead of using filename at all, we should change the flag to use be appcast element or an attribute? e.g. sparkle:install="interactive"?

Already have this in my fork for different reasons explained in #962. However it's not a substitute for the unarchived filename due to considering the feed to be untrusted by itself for this.

[kornelski]

Already have this in my fork for different reasons explained in #962. However it's not a substitute for the unarchived filename due to considering the feed to be untrusted by itself for this.

What's the attack scenario, especially when the default is guided? I don't see any serious attack here, because the installer package contents itself is still trusted, so the attacker can't do anything other than small nuisance.