[Desktop_architects] Shouldn't distros and ISVs ensure that security updates get deployed promptly?

[Dave Neary]

Hi,

Dan Kegel wrote:
> Right, this would require more QA than what is done now, so
> perhaps it should be reserved for urgent updates where sufficient
> QA has been done.

<snip>

I for one would be a little paranoid about not being able to control
installs of updates. I can imagine all kinds of scenarios where it would
be undesirable: a 20M security fix starts downloading when I'm connected
via GPRS at a conference, or over a 56K phone line; a kernel update
downloads & requires a reboot; an application I am using and Absolutely
Positively Must Keep Using for a few minutes upgrades, and isn't
runtime-compatible with the update (Mozilla likes to have trouble after
updates when the DOM for the application changes - one of the problems
of having an application written in a scripting language);

Imagine what automatic updates might mean for a headless server also -
especially if there are any applications that need persistent
connections. Say you are installing a security update for Tomcat, JBoss,
SER or Woomera, or any of the other servers that store state on
connections, and the server gets restarted after the upgrade. Momentary
downtime aside, everyone using the application loses their session. Ooops.

I would be very careful about automated downloads & installs of anything
- the world is not an always-connected-by-croadband desktop.

Cheers,
Dave.

-- 
Dave Neary
GNOME Foundation member
dneary at gnome.org