[Desktop_architects] Shouldn't distros and ISVs ensure that security updates get deployed promptly?

Brett Johnson brett at hp.com
Wed Feb 4 08:28:35 PST 2009


On Tue, 2009-02-03 at 23:41 -0800, Dan Kegel wrote:
> Given how much malware is out there,
> shouldn't security fixes for remotely exploitable
> flaws be installed a bit more forcefully?
> e.g. instead of an ignorable notification,
> how about an in-your-face dialog saying
> they're going to be installed now?
> Or in some cases even just silently installing them?

This capability exists in most distros, doesn't it?  I know in Ubuntu,
you can choose to have security updates automatically installed, or
automatically downloaded.  But it's not the default, and making it the
default would be a very bad idea IMO.

This kind of "we know better than you do" approach to patching would not
sit well with any IT departments I know of.  In most cases, security
patches need to be validated and qualified with common applications and
usage inside the enterprise before the IT folks want to roll them out.
Having a key application break everywhere in the company because the
distro pushed a security update would be bad mojo indeed, and I don't
know of any IT department that would accept that kind of
heavy-handedness on the part of the distro.

-- 
Brett Johnson <brett at hp.com>



More information about the Desktop_architects mailing list