very lovely
+1
[RFC] Automated Updating
Re: [RFC] Automated Updating
bantu wrote: Automatic updates can only happen if release packages are cryptographically signed and phpBB is able to verify the signature. This is currently not the case.
And what is the problem in here?
Does anybody know how Wordpress manages that?
Re: [RFC] Automated Updating
Wordpress does not do that which leads to problems like: http://blog.unmaskparasites.com/2012/05 ... s-updates/
Re: [RFC] Automated Updating
naderman wrote: Wordpress does not do that which leads to problems like: http://blog.unmaskparasites.com/2012/05 ... s-updates/
+1
*Imagine a signature super spectacular.*
Re: [RFC] Automated Updating
The problem is that, with automatic updates, if things aren't made in a very secured way, there can be security breaches in the system. Attacks like man-in-the-middle are really a big problem here.
- Erik Frèrejean
Re: [RFC] Automated Updating
How are update problems being handled?
How are the files going to be written?
How is the update going to be verified whether it was successful?
I'm -1 on background updates, the system could automatically prepare the update, but the actual update should always be triggered by the user.
Available on .com
Support Toolkit developer
Re: [RFC] Automated Updating
Hello,
how should this feature work on a well modified board?
If it is working like AutoMOD or Extensions Manager then use only one engine for both things. And use one format for core updates and MODs and extensions.
I think replace-with actions are the biggest problem for all engines. Forbid replace-with actions. If a replace-with action is needed then just remark the code which needs to be replaced. And add the new code before or above.
Bye Martin
Advanced Block MOD 1.1.1 has been released! - Prevent spam on your phpBB3 board with Stop Forum Spam, BotScout, Akismet, Project Honey Pot and several IP-RBL and Domain-RBL DNS blacklists! - My MODs
- imkingdavid
Re: [RFC] Automated Updating
MartinTruckenbrodt wrote: Hello, how should this feature work on a well modified board? If it is working like AutoMOD or Extensions Manager then use only one engine for both things. And use one format for core updates and MODs and extensions. I think replace-with actions are the biggest problem for all engines. Forbid replace-with actions. If a replace-with action is needed then just remark the code which needs to be replaced. And add the new code before or above. Bye Martin
For board updates, it does not make sense to comment out code that is being replaced, as that just creates a bunch of commented out code for no reason, cluttering the core.
For extensions, there are no code edits so replace-with actions are irrelevant.
The fact that board updates require code edits and extensions don't means that having the same engine for both is not an option.
Anyway, what is currently keeping us from being able to implement something like this? I understand that we need to extensively test any system before it is deployed to ensure nothing happens like what happened to WP.
Re: [RFC] Automated Updating
You need to implement crypto verification on the board side.
But, if a board is compromised, the code can replace keys/certificates as easily as it can replace any other files. I'm not convinced that an update from a compromised board is possible at all. Certainly anyone who cares about security should use external mechanisms for updates, especially for updates from compromised boards.
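The board-side check discussed in this thread, as an added example that is not part of any post and not phpBB's own code: a detached Ed25519 signature over the update archive is verified against a public key shipped with the board before anything is unpacked. It assumes PHP's bundled sodium extension; `verify_update_package`, the keys and the package bytes are hypothetical and constructed for the demo, and because the pinned key is itself a file on the board, the compromised-board caveat in the post above still applies.

```php
<?php
// Added example: hypothetical helper and constructed demo data, not phpBB code.

/**
 * Returns true only if $signature is a valid Ed25519 signature over the
 * exact bytes of $package, made with the secret key matching $pinnedPublicKey.
 */
function verify_update_package(string $package, string $signature, string $pinnedPublicKey): bool
{
    // sodium throws on wrong-length inputs; treat malformed input as a failure.
    if (strlen($signature) !== SODIUM_CRYPTO_SIGN_BYTES
        || strlen($pinnedPublicKey) !== SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES) {
        return false;
    }
    return sodium_crypto_sign_verify_detached($signature, $package, $pinnedPublicKey);
}

// --- Constructed stand-in for the release process ---
$releaseKeypair = sodium_crypto_sign_keypair();
$releaseSecret  = sodium_crypto_sign_secretkey($releaseKeypair); // never leaves the release team
$pinnedPublic   = sodium_crypto_sign_publickey($releaseKeypair); // distributed with the board

$package   = "constructed-update-archive-bytes";
$signature = sodium_crypto_sign_detached($package, $releaseSecret);

// A second key pair stands in for whoever controls a mirror or the network path.
$otherKeypair = sodium_crypto_sign_keypair();
$otherSigned  = sodium_crypto_sign_detached($package, sodium_crypto_sign_secretkey($otherKeypair));

$cases = [
    'package exactly as published'          => [$package, $signature],
    'package altered in transit'            => [$package . "x", $signature],
    'package signed with a different key'   => [$package, $otherSigned],
    'signature file truncated'              => [$package, substr($signature, 0, 10)],
];

foreach ($cases as $label => [$bytes, $sig]) {
    $ok = verify_update_package($bytes, $sig, $pinnedPublic);
    // Only a verified package would move on to the user-triggered update step.
    printf("%-40s %s\n", $label, $ok ? 'verified' : 'refused');
}
```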
Re: [RFC] Automated Updating
Hello David,
It was just a reflection of my long-time MOD author experience. MODs having a lot of replace-with actions are resulting in most of the problems with phpBB updates using the automated update packages. Sometimes a lot of code is destroyed by this. I know how to repair it. But webmasters without the needed skills have big trouble.
Sometimes it's not possible to replace replace-with actions. This is the reason for my suggestion.
Bye Martin