[colug-432] self-updating apps [was: Mozilla and Google conspiracy]
William Yang
wyang at gcfn.net
Tue Oct 23 07:20:31 EDT 2012

Rick, let me take a swing at restating your argument, to see if I'm
understanding you properly:

Self-upgrading software raises a serious philosophical question. The real
question to look at is who's responsible for the consequences of a change
to a system... and who's making the decision? It looks like an export of
authority without a corresponding export of responsibility. From a
governance standpoint, that sounds like it could be a bad idea.

-Bill

On 10/22/2012 10:51 AM, Rick Troth wrote:
> I appreciate all the feedback, everyone. Thanks.
>
> Yes, I do need to upgrade. (And did over the past couple weeks.)
> Yes, vulnerabilities drive the upgrades. But having been on both
> sides of the "stability versus bleeding edge" coin, 3 years is not
> always "ancient". Varies widely with context. I'm a web developer
> too, but I'm on the server side. Others on my team suffer the browser
> headaches.
>
> I'm more concerned about this:
>
>> Meanwhile, current versions of both Firefox and
>> Chrome now do automatic updates to keep the user current on
>> security fixes and web standards. This is good for everybody.
>
> I started to write a longer response, but then thought a little about
> *why* the self-update feature worries me. And Rob already suggested
> one good alternative: rely instead on the distro update (or op sys
> vendor update). I got forced into a distro update anyway.
>
> Short response: Auto-update of applications is a bad idea. Rapid
> release is good/bad depending on context. Auto-update of plug-ins is
> less of a problem IFF they reside in "user space". (eg: in the
> "profile" hierarchy FF maintains; dunno how Chrome does it)
>
> Longer response: I find a philosophical change in software
> deployment. From my view, people are taking "agile" to places where
> it doesn't scale.
>
> This rapid release policy is more of a roller-coaster ride for those
> who have (had?) a non-consumer handle on things. (In the vernacular,
> rapid release can lead to wrecks or could cause retching. Really.)
>
> CDs are cheap, but they're immutable. The result is they can last as
> long as you need them. (Ignoring media decay issues, which are real.)
> The kind of rapid release we're seeing now with FF and Chrome doesn't
> fit on CDs because it demands writeable storage. (Doesn't this raise
> a flag with anyone on the security front?) It's only one example, but
> it illustrates where RR breaks: I can't stamp FF on a CD or thumb
> drive. Well ... I *can*, but the interdependencies are all borken.
> And self-update butts heads against R/O residence.
>
> I haven't burned a Knoppix CD in a long time. I haven't needed to
> play Knoppix since the mainline distros began the "Live CD" game. But
> surely we all appreciate having a reference copy ... something we can
> depend on. Pop it in, push power ... presto! Once upon a time,
> Knoppix would let you customize and re-burn. Neat! (I never did it
> myself, sadly.)
>
> There were bound to be problems when Linux got mainstream. Would
> have thought it would be things like virus exposure ... not release
> freqs.
>
> -- R; <><
> '::1, sweet ::1'
--
William Yang
wyang at gcfn.net