Sparkle 2: Permissions

Sparkle wants to keep its central database in /Library, but we have to authenticate to write there. That sucks. The user's already thinking, "uh, alright... I'll install this Sparkle thing. I guess. Kinda sketchy..." We don't want to then immediately ask them for their password, right?

I think per-user databases are okay, because then the user only gets prompted for the applications they use (read: have launched before). The only issue is that if one user wants to skip a version and another wants to install it, they've got troubles.

I think you are overestimating customer frustration a bit. Anytime the Apple Software Update is run, they are prompted for an admin to authenticate. Besides, the only users that should be updating software will have Admin privileges. If we place the Sparkle database in "/Library/Application Support" then Admin-level users already have group Read & Write access to that folder and shouldn't be prompted to authenticate. What if Sparkle provides selective prompting for the updates? For normal users the prompt could be tailored to either offer no notice or "there's an update but we need an admin user to install it" type of message depending on the Sparkle preferences. Admin-level accounts would be prompted whether they wish to install it or not as it is now. -- HowardGMac

I would argue that this is another reason to keep the global updater separate from the framework. If the user purposefully installs an 'update all my stuff' pref pane, then sure, they expect it to do things like ask for permission. Doing that for the default behavior of Sparkle seems bad though. -- DavidSmith

The way I see Sparkle2 functioning (based on what I have read) is that a user-level daemon runs periodically (this can be done using launchd) and asks the root-level daemon if there are any updates available. The root-level daemon would maintain the master list of bundles requesting updates - running as root allows the daemon access to /Library. The preference pane would communicate with the root daemon using distributed objects, thus allowing it to administer the application list. If the root-level daemon reports to the user agent that updates are available, then the user agent would open the Sparkle Update app - which would ask for authentication before installing the updates. Following this pattern, there should be no permissions issues. -- KeithDuncan