Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Linus Torvalds <torvalds <at> linux-foundation.org>
Subject: Re: Shouldn't distros and ISVs ensure that security updates get deployed promptly?
Newsgroups: gmane.comp.desktop.architects
Date: Wednesday 4th February 2009 16:57:59 UTC (over 8 years ago)
On Wed, 4 Feb 2009, Dan Kegel wrote:
> 
> How would you feel if the distro's
> "Apply security updates automatically" checkbox defaulted to "on"?
> You could then uncheck that, and get the behavior you want.

I'd be ok with that, but only if it was an actual question, not a "ok, you 
can go into the configuration manager and find the right tab, and turn it 
off".

At least for me, it also does depend on the particular package, btw. There 
are programs that I trust to do their auto-updates, and I'm perfectly 
happy having firefox check for extensions automatically, for example. But 
even in the case of firefox, I want to _know_ when it does so.

So the issue is not black-and-white or simple. But if anybody tells me 
that they can do security updates that are (a) bugfree and (b) don't do 
anything but the security fix, I'll laugh in their face. THAT DOES NOT 
HAPPEN. At least not outside of things like (perhaps) s390 mainframe 
environments etc where the supplier knows that the user will sue them for 
hundreds of millions of dollars if they screw up.

So anybody who even claims that things are "pure security updates" and 
"cannot possibly cause any problems" is basically guaranteed to be lying. 
Some people are willing to do those updates silently, but a LOT of people 
are not.

			Linus
 
CD: 3ms