I am right in the middle of coding the Upgrade System. I just finished the server side code. It works like this:
The client (Yama) will connect to our server in Canada via HTTPS. This ensures that all information between our server and Yama is encrypted and safe. It also makes it easy to use behind a firewall since most firewalls have the correct ports open for HTTPS to work. In the request to the server Yama will send the current version number and a unique client ID if it has been given one.
If the client does not have an ID, the server will create one. The server will either send back a package with all required upgrades, or send a message that Yama is up-to-date.
Each request will be logged on the server. The logged information will be the client ID, the current version (upgrade from), the latest version (upgrade to) and the IP address. I will use this information to track the number of active clients out there (the client ID is used for this) and any abuse of the system (the IP address is used for this). Since all my source code is open for anyone to read, it is pretty easy to see how to connect to the server with your own code and try to abuse it (find a security hole or the like).
My idea was to keep the IP address for a period of time and then delete it.
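To make the server-side flow above concrete, here is an added example (my own sketch for this post, not the actual Yama server code) of the check/response logic together with the IP retention idea. The request and response shapes, the sample version numbers and package names, and the choice to drop only the IP from old log rows (so the client-ID count of active installs survives the purge) are all assumptions of the example. One defensive detail worth noting, given that the source is open and anyone can talk to the endpoint: the server only accepts a client ID it could have issued itself (a well-formed UUID) and only a well-formed version string, so garbage from a hand-rolled client never lands in the log.

```python
import time
import uuid

LATEST_VERSION = (1, 4, 0)  # constructed sample: the newest release
# constructed sample: upgrade packages keyed by the version each one brings a client to
UPGRADE_PACKAGES = {
    (1, 2, 0): "yama-1.2.0-upgrade.zip",
    (1, 3, 0): "yama-1.3.0-upgrade.zip",
    (1, 4, 0): "yama-1.4.0-upgrade.zip",
}
RETENTION_SECONDS = 30 * 24 * 3600  # "a month": how long an IP stays in the log


def parse_version(text):
    """Parse 'major.minor.patch' into a comparable tuple; reject anything else."""
    parts = str(text).strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError("bad version string: %r" % (text,))
    return tuple(int(p) for p in parts)


def valid_client_id(text):
    """Accept a client ID only if it is a canonical UUID string we could have issued."""
    try:
        return str(uuid.UUID(str(text))) == str(text)
    except ValueError:
        return False


class UpdateServer:
    """Assumed in-memory stand-in for the real server's database."""

    def __init__(self):
        self.log = []  # one dict per request: client_id, from, to, ip, when

    def check(self, request, client_ip, now=None):
        """Handle one update-check request (a dict) and return the response dict."""
        when = time.time() if now is None else now
        client_id = request.get("client_id")
        if not valid_client_id(client_id):
            client_id = str(uuid.uuid4())  # missing or malformed: issue a fresh one
        current = parse_version(request["version"])
        # every package newer than what the client runs, oldest first
        needed = [pkg for ver, pkg in sorted(UPGRADE_PACKAGES.items()) if ver > current]
        self.log.append({
            "client_id": client_id,
            "from": ".".join(map(str, current)),
            "to": ".".join(map(str, LATEST_VERSION)),
            "ip": client_ip,
            "when": when,
        })
        if needed:
            return {"client_id": client_id, "status": "upgrade", "upgrades": needed}
        return {"client_id": client_id, "status": "up-to-date"}

    def active_clients(self):
        """Number of distinct client IDs seen; does not depend on the IP column."""
        return len({entry["client_id"] for entry in self.log})

    def purge_expired(self, now=None):
        """Blank the IP on log rows older than the retention window; return how many."""
        cutoff = (time.time() if now is None else now) - RETENTION_SECONDS
        purged = 0
        for entry in self.log:
            if entry["ip"] is not None and entry["when"] < cutoff:
                entry["ip"] = None
                purged += 1
        return purged


if __name__ == "__main__":
    server = UpdateServer()
    print(server.check({"version": "1.2.0"}, "203.0.113.5"))  # constructed sample IP
    print("purged:", server.purge_expired(now=time.time() + RETENTION_SECONDS + 1))
```

Run as a script it handles one request and then runs the purge as if a month had passed; in the real system the purge would be a scheduled job and the log would live in a database rather than a list. The `now` parameter exists only so the retention logic can be exercised without waiting a month.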
How do you guys feel about this? Is it OK? Does it intrude too much on privacy? The encryption is there to protect you from other people, but in the end we will have your IP address, which can be used to track you, on our servers for a while. How long should it be kept? A month?
Please, send me feedback via the comments.