|| ||Linus Torvalds <torvalds-AT-linux-foundation.org>|
|| ||Dan Kegel <dank-AT-kegel.com>|
|| ||Re: Shouldn't distros and ISVs ensure that
security updates get deployed promptly?|
|| ||Wed, 4 Feb 2009 08:57:59 -0800 (PST)|
|| ||Article, Thread
On Wed, 4 Feb 2009, Dan Kegel wrote:
> How would you feel if the distro's
> "Apply security updates automatically" checkbox defaulted to "on"?
> You could then uncheck that, and get the behavior you want.
I'd be ok with that, but only if it was an actual question, not a "ok, you
can go into the configuration manager and find the right tab, and turn it
At least for me, it also does depend on the particular package, btw. There
are programs that I trust to do their auto-updates, and I'm perfectly
happy having firefox check for extensions automatically, for example. But
even in the case of firefox, I want to _know_ when it does so.
So the issue is not black-and-white or simple. But if anybody tells me
that they can do security updates that are (a) bugfree and (b) don't do
anything but the security fix, I'll laugh in their face. THAT DOES NOT
HAPPEN. At least not outside of things like (perhaps) s390 mainframe
environments etc where the supplier knows that the user will sue them for
hundreds of millions of dollars if they screw up.
So anybody who even claims that things are "pure security updates" and
"cannot possibly cause any problems" is basically guaranteed to be lying.
Some people are willing to do those updates silently, but a LOT of people
to post comments)