On Sun, Feb 16, 2020 at 2:23 PM John M. Harris Jr <johnmh@xxxxxxxxxxxxx> wrote: > > On Sunday, February 16, 2020 12:19:41 PM MST Chris Murphy wrote: > > On Sun, Feb 16, 2020 at 11:08 AM John M. Harris Jr <johnmh@xxxxxxxxxxxxx> > > wrote: > > > > > > > > > On Thursday, February 13, 2020 1:34:32 PM MST Chris Murphy wrote: > > > > > > > But the contra argument is, well what if there is an urgent security > > > > fix? > > > > > > > > > > > > > > > > The repo metadata, I guess, needs some way of distinguishing urgent vs > > > > non-urgent security updates, so that GNOME Software knows whether to > > > > notify the user accordingly. But is there a reliable way of > > > > distinguishing between urgent and non-urgent security updates? I'd > > > > informally suggest "urgent" is something that should be applied today > > > > or tomorrow. Anything else can wait a week or two. > > > > > > > > > > > > That's an entirely subjective thing. I'd recommend prompting to install > > > ALL security updates immediately, but why not just give the user an > > > option for security updates? This is what Mac and Windows do, and it > > > makes sense because it's really the user's opinion of security updates > > > that matter on their system. > > > > > > Windows has a weekly security and virus definitions update, not every > > day. Windows Home has no user visible opt out. macOS separates minor > > version updates and security updates, security updates aren't more > > often than every few weeks. There's a very rare category of critical > > security updates that Apple can forcibly push onto user's machine > > without consent. > > > > The complaint on Fedora Workstation relates to frequent, sometimes > > daily, update notifications because a package has a security related > > update. The question is how to reduce this to once a week. > > If that's the question, that's what you should have asked. Really, that's not > something that should be done. Security updates are called security updates > for a reason. > Yes they are, but it's also about sensible risk management. Most home users can put off *most* updates (security or otherwise) for a month without too much worrying. Business users may have a different risk profile, depending on network topology and other factors. -- 真実はいつも一つ!/ Always, there's only one truth! _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
