Re: Shouldn't distros and ISVs ensure that
security updates get deployed promptly?
[Posted February 12, 2009 by jake]
| From: |
| Linus Torvalds <torvalds-AT-linux-foundation.org> |
| To: |
| Dan Kegel <dank-AT-kegel.com> |
| Subject: |
| Re: Shouldn't distros and ISVs ensure that
security updates get deployed promptly? |
| Date: |
| Wed, 4 Feb 2009 08:30:16 -0800 (PST) |
| Message-ID: |
| <alpine.LFD.2.00.0902040828250.3247@localhost.localdomain> |
| Cc: |
| desktop_architects-AT-lists.linux-foundation.org |
On Wed, 4 Feb 2009, Dan Kegel wrote:
> Ritesh Raj Sarraf <rrs@researchut.com> wrote:
> > Should the user really want silent updates ?
> > For updates with priority "security", I think it should just pop-up more
> > often.
>
> People ignore dialogs like that. IMHO if we're going to avoid
> botnet nightmares, we're going to need at least some silent security updates.
I disagree violently.
If anybody tries to silently upgrade my machine, I refuse to use the whole
system. No way, no how.
I refuse to do it _EVEN_MORE_ if the person who decides that it's a
"security fix" is not the distribution maker, but some random package
creator. Sorry, Dan, but you're simply not that trustworthy.
The fact that you even _think_ you should be that trustworthy is totally
irrelevant, and somewhat scary.
Crazy.
Linus