[Wish-list] Privacy issue
This is rather a wish-list issue... but privacy is an important topic!
This could also be a documentation issue because I found nowhere how to get the behaviour I expect... it might still be there... undocumented.
It seems that the behaviour of boobank (and probably other modules because what I describe comes from the core as far as I could see in the code) is to try to update the local repository if something goes wrong with connecting to a bank.
That is a feature a "Jdownloader user" might find desirable, not to bother trying to figure out what went wrong. Indeed if that is due to a change to a scrapped website, updating the local repository can automagically fix the issue.
But the way it is done and the feature itself is questionable for other use cases.
Issue 1: this is a privacy issue ("call home")!
I am using that inside a Linux script to prepare a nice conkyrc. That auto-update with no option to remove it is a "call home" and that is breaching privacy, especially that the feature is automatic and with no (simple) way to stop it.
Proposition: the "privacy conscious" way would be:
- do NOT auto update by default (you can still suggest it with a message)
- add a flag to the command line so that those wanting the auto-update (it is a nice feature) will still have it should they opt-in. Could be like:
boobank --auto-update
- obviously you can still run without the flag and manually do a
weboob-config update
when you think if might help fix a connection issue situation.
Workaround
Since I don't want (yet) to fiddle with the code... especially the core, we read the code (with a colleague) and figured out a simple workaround (seems to work so far).
When there is an error detected, the way to make the core auto-update seems to be to delete a file in ~/.local/share/weboob/repository
There is a single file there (currently: 00-http___updates_weboob_org_1_2_main_) that seem to hold the list of modules. The workaround is then to prevent weboob from deleting this file. This is simply done with:
chmod 555 ~/.local/share/weboob/repository
Issue 2: the way the feature is done breaks things!
We have a test machine that is (almost) completely isolated from the local network to avoid unwanted interactions. This machine does not even have internet access by default (due to the strict firewall isolation), unless you plug in a phone with tethering.
Steps to reproduce: to reproduce the bug, do the following steps:
- Configure boobank with any backend
- Disconnect all interfaces that have internet access on your local machine
- launch
boobank
- input the command
list
(enter any ID/Password if requested, since we have no internet that does not matter it will fail anyway!) - see that you have exceptions followed by a stacktrace (indeed when you have no internet connection, even the DNS fail)
- Remark: this exception could be handled more gracefully, instead of spitting out a stracktrace... but that is not the point of this bug report!
- Now launch boobank again: since the repository configuration file has been deleted it will refuse to start, although everything is still there and working fine!
So, if at some point you happen to have no connection to the internet (intentionally as above or because your connection is really down) weboob auto-destroys itself...
Indeed, since there is the non-removable-auto-update feature, the next time you run it with a working internet connection it will auto-repare itself. But hey, isn't that useless bandwith and I/O, poor performance, whereas letting the user in charge of what he wants to do would have been better?
Final thoughts: I am not yet attaching any proposed code to that (I'm not currently a world class python expert anyway!)... I will just use my chmod 555 workaround for the moment!
Before jumping to code, you might want to discuss:
- if you care more about privacy/letting the user in control, than about things happening automatically
- if you decide to give more control, decide how that should be conveyed to weboob: options on command line, environment variables, core configuration file, all of them, other solution, etc...
- possibly also decide to catch more gracefully some network error exceptions.
- there are already some options available, as
boobank --help
shows, so adding --auto-update (opt in) should respect how things work today.