Security updates in current linux distros are optional, right? i.e. in Ubuntu 8.10, it *offers* updates to you every time you log in. And (though I should know better), I often ignore that message, so my systems are days out of date.
Given how much malware is out there, shouldn't security fixes for remotely exploitable flaws be installed a bit more forcefully? e.g. instead of an ignorable notification, how about an in-your-face dialog saying they're going to be installed now? Or in some cases even just silently installing them? This goes not just for distros; any ISVs is on the hook for rapid security updates these days, I would think. This isn't an idle question... the ISV I work for is pondering how to package its app and how to push out security updates to all customers promptly. I can't recall any standard mechanisms to make this happen other than, um, having the package install a daily crontab script to update itself via the appropriate "apt-get install foo" or "yum install foo" command. (That sounds awful forceful, but I think lots of shops do this kind of update of the whole system, so perhaps an ISV doing it for just their one app wouldn't be too controversial. Ha.) - Dan _______________________________________________ Desktop_architects mailing list [email protected] https://lists.linux-foundation.org/mailman/listinfo/desktop_architects
