New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 624403 link

Starred by 1 user

Issue metadata

Status: WontFix
Owner:
Last visit > 30 days ago
Closed: Aug 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Bug



Sign in to add a comment

login app device policy needs a way to deal with extension auto-updates

Project Member Reported by achuith@chromium.org, Jun 29 2016

Issue description

Login apps will be used by various enterprises. 

If auto-updates are generally allowed, a bad webstore push can break login.

We do still want to be able to selectively auto-update in the case of security fixes.
 
Xiyuan: you did some work to disable system auto-updates for kiosk apps. Was there also a mechanism to block app auto-updates?

Comment 2 by xiy...@chromium.org, Jun 29 2016

Kiosk apps are updated as other apps. I added code recently to defer a kiosk app update if it has a required_platfrom_version manifest key whose value is not compliant with the current platform. It is not disabling AU, just defer the actual app install until certain conditions met.

I ddded a InstallGate [1] interface for that. If we want to use the same defer mechanism, we can use that.

[1] https://cs.chromium.org/chromium/src/chrome/browser/extensions/install_gate.h?rcl=0&l=14

Comment 3 by dskaram@google.com, Jul 1 2016

Bad app update pushes can break any workflow, not just login. This is an inherent risk that is part of the auto-updating workflow.

The main way to mitigate this risk is to work in "channels". Have a subset of users on a staged version of the software (both the OS i.e. beta channel and the app in some staged form).


I think trying to fix this on the system level would lead to a complex and over-engineered solution. This problem exists in any auto-updating system and should be solved by proper processes in the company/school that is deploying. For example, they pin Chrome OS versions until their software providers certify the software for a certain version.
Owner: dskaram@chromium.org
Status: WontFix (was: Untriaged)
Per triage: sounds like this issue is Won't Fix.  Please chime if you feel there is action required.

Sign in to add a comment