Updating scripts

This is a post to share some of my thoughts on what I consider a weak point of Blender’s python scripts: the safety of scripts and keeping track of new versions. For a quick summary skip to the last part of this post.

Introduction
Currently (before Blender 2.5) there are two main categories of scripts. The first category consists of scripts that come bundled with Blender, for instance a lot of the import and export scripts. The second category consists of scripts that are written by community members, but cater for too specific needs to be included in Blender (or aren’t included for other reasons). This second category contains a lot of scripts and many are listed in the wiki Script Catalog. However, once you’ve downloaded such a script it’s hard to keep track of new releases. I have quite some scripts on my computer of which I don’t know if it’s the latest version.
Another problem is the safety of the scripts. If they are in the Catalog I usually run them without checking the code for malicious behaviour, but when I’ve downloaded it from another location it takes some time to first check that they won’t harm my computer.

Proposal
Use the current Blender Extensions repository to include an option inside Blender for checking for new updates. It could work like this:

  • A script writer submits his script to the repository
  • Some other people review the script and check it for malicious code
  • If approved, an id is added to the script’s code and the script is moved to the approved section of the repository
  • A user downloads the script
  • After a month the user presses the ‘check for updates’ button inside Blender and Blender contacts the database to check for new versions of the script id’s installed by this specific person
  • If there is a new version, the old script is overwritten and updated

Benefits / drawbacks

  • Stimulates script writers to upload scripts to a central database
  • Secure scripts for users, so they don’t have to manually check them
  • Easy to keep track of new script updates
  • Involves more work to maintain the repository

Additional explanation
The reason I’m proposing a “check for updates” button, instead of having Blender automatically check for updates, is that I vaguely remember Ton being against such functionality. Besides, I’m pretty tired of software needing internet access myself.

Contrary to scripts bundled with Blender, scripts that simply want to be in the repository, don’t need to provide extra functionality that will be enjoyed by a broad audience. Specific niche applications can in this way reach a wider audience and the users don’t have to check specific threads or personal websites for new versions. With the added advantage of knowing that the scripts won’t harm their computers.
Obviously the repository will need te be kept secure. If it were hacked it could be used to distribute malicious code, just like any other download location.

To be clear, this post is just a proposal, a brainstorming session. I don’t have the coding skills to add the “check for updates” function to Blender (though I do know Python). I just want to see what people think of it, before I post it to for example the mailing list (unfortunately Blenderstorm is down).

Summary
Starting with Blender 2.5 I propose an update function is added to Blender, for checking on updates for the installed python scripts. Not just for the bundled scripts, but also scripts that have been checked and added to the repository. This will make it easier for users to keep track of updates and stimulate script authors to contribute to a central repository.
Please post any C&C you might have.

i think meta largely has you covered. he is making a scripts svn. you can have your svn save the scripts to any folder you choose so it would automaticaly update.

http://blenderartists.org/forum/showthread.php?t=163970

good idea !

I don’t have the coding skills to add the “check for updates” function to Blender

the api has the necessary functions to open a browser with a configured link, like in the blender help menus.

in fact, the script help menu already provide the variables to reach this goal, except that there’s no repository. I suppose it won’t take too long -client side- to add a ‘check for updates’ button.

personnaly I’m a bit sceptical about a main, unique, script database (additional work as you said, database admin, extra costs, downtime…), the update link could also lead to a text file with the version number inside on the website author, or to a project base on some existing servers, such a function could be added quickly starting from the help scripts. (a new ‘update’ field with an url like http://mysite/myscript.ver)

1- i like the idea of a central repository for scripts is good
cause sites go up and down all the time
no warranty to be there in 6 months!

2- auto check up for all scripts ?
i would like to be able to check one script at a time not all of them hopefully
that takes too long to do and internet time again!
and in any case i got too many scripts on my PC

3- i tough the scripts at the repository where already safe!
at least i hope someone took the time to check theses out !
if not than that’s could potentially be a dangerous situation for so many peoples in thw world!

4 - for 2.5 i would recommend to create a new web page for scripts repository
cause it has nothing to do with the old 2.4x series

it’s totaly independant and not compatible backward !

happy blendering

rdo3: a local svn to automatically keep your scripts folder up to date is a great thing. I’m not certain if it’s really practical for artists though. I’ll send meat a PM, though I know he usually monitors this forum pretty well.

littleneo: the reason for a central location is that it is easier to maintain and keep secure. Scripts might link to other sites for updates, but on the internet sites move around quite a bit. So by the time a user presses the “update” button, the site might no longer exist.
You’re right that it is currently already possible to implement an update function. I might write an example in python to provide a better showcase.

rickyblender: yes, the current repository is safe. No need to worry. The thing is, there are plenty of scripts that aren’t in there.
Downloading updates for all scripts at once might indeed be a lot. But it probably isn’t much of a problem to let the user select which scripts to download the updates for (I’m thinking of a Firefox like system, but without having it run automatically).
About a separate repository for scripts >2.5, that’s something meta might be the better person to comment on.

hi,
wow some issues to cover here!

The scripts in svn contrib, are very safe. few scripts have links to author’s sites even.
I change the bpydocs to make a link to the wiki page that contains the author’s links.
Also the scripts all work! only 2 scripts report any sort of of significant errors but still work.
So apart from safe, they are checked for quality, errors removed & bpydocs added where needed.
All scripts in svn contrib are also licensed compatible with Blender.
So there’s a few control measures in place to try to provide the best user experience.
Also there’s people who mentor & help me, without them, none of this would be possible!

Sure, not all scripts are listed, if there are any that belong in svn, please speak up!
at least they could be added to https://projects.blender.org/projects/bf-extensions/
For the most part 2.4 series scripts are finished, stable & very few are still actively developed.
The section in svn is designed to provide a final resting place for 2.4x scripts.
Also to show various methods that have been used in 2.4x scripts, so the algos are there if anyone wants to port scripts to or find examples of functions for 2.5 use.

As for 2.5 scripts development/documentation, that work will begin shortly, but I would not expect any significant repository until after Durian.
Infrastructure is/will be in place, wiki, bpo, svn.
Documentation will be better provided & hopefully some of the past difficulties will be overcome.
work towards this will begin very soon.

Crouch,
lol, have you been reading the mailing list!
This idea of an installer/repobrowser for svn scripts already has approval for 2.49b.
So whilst this does not give much time, I would be very interested in your ideas.
( actually I boldly proclaimed last week that I would write an installer & any help is appreciated :wink: )
So I would be very happy to work with you towards this end.
I would like to discuss this with you as the best method has not been decided & working out an acceptable approach, as there’s a few, would be handy.
i am on irc #blenderwiki most days so we could talk there if you like, or pm me & we can work out contact.

Thanks.
Brendon.

That serves me right, for not first reading up on the mailing lists after my vacation. I just did a quick search and found your message there. Sorry for all the noise :o.
I’ll contact you on irc after the weekend (probably Monday evening or Tuesday), so we can discuss things further and see where I can help.

Thanks for your response,
Bart