You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I don't think that HWI should include any code that involves network access. In the past, changes have been made to libraries to specifically exclude libraries such as requests, even when it isn't being used for network access. We currently remove the bridge transport from trezorlib because it requires requests (although it isn't actually accessing a remote server afaict). And one of the original motivations for including copies of libraries was to remote requests from trezorlib back when it would default to fetching tx data from a server. Additionally, HWI should be able to work on an offline machine without any reduction to its capabilities.
As such, I think we should add to the device support policy that devices must not require network access for it to function. I think we should also mention that, in general, libraries and imports that facilitate network access are not allowed.
Any thoughts or opinions on adding this to the device policy?
The sole exception to HWI working offline and not allowing network access is the firmware update downloader. The PR for that has not yet been merged, but in that PR, the firmware downloader is specifically made a separate binary so that requests is not included nor required by the main HWI binaries.
The text was updated successfully, but these errors were encountered:
I wonder if the updater binary can be generalized into a "will phone home" binary? Not a great UX but then at least usage as a library can be made possible and it's up to users then to make an informed decision.
I don't think that HWI should include any code that involves network access. In the past, changes have been made to libraries to specifically exclude libraries such as
requests
, even when it isn't being used for network access. We currently remove the bridge transport from trezorlib because it requiresrequests
(although it isn't actually accessing a remote server afaict). And one of the original motivations for including copies of libraries was to remoterequests
from trezorlib back when it would default to fetching tx data from a server. Additionally, HWI should be able to work on an offline machine without any reduction to its capabilities.As such, I think we should add to the device support policy that devices must not require network access for it to function. I think we should also mention that, in general, libraries and imports that facilitate network access are not allowed.
Any thoughts or opinions on adding this to the device policy?
The sole exception to HWI working offline and not allowing network access is the firmware update downloader. The PR for that has not yet been merged, but in that PR, the firmware downloader is specifically made a separate binary so that
requests
is not included nor required by the main HWI binaries.The text was updated successfully, but these errors were encountered: