A possible solution for automatic security updates
Posted: Tue Nov 19, 2013 4:02 am
While I agree with Clem that this is basically a storm in a teapot, and a wasted day of work on the latest RC, I realized that there actually is a security "problem" for Linux Mint security updates. Let me explain: what I've done so far was to apply all the level 1-3 updates, let the kernel, X11 and other critical updates wait a little in queue, then apply those as well with Synaptic. I always did this just out of precaution, because I've been bitten by a bad update in the past, and the end result is the best of both worlds, as Clem probably intended. In the end, all security updates are installed on my boxes.
Note, however, that I also installed LM for my son, who is not Linux savvy; and for a co-worker of mine, who likewise has little to no experience with Linux. I imagine that many of us have done it for friends, relatives, etc. Now, the end result is that critical security updates are never applied on those systems (unless I step by and do it, that is) and this certainly can't be seen as a good thing, or dismissed altogether as a "but you can do that by other means": sensible defaults, one of LM strong selling points, matter all the more in this case because there are users who will never modify them, or look for alternatives to them.
If we want LM to be a suitable for all distro, this problem has to be solved. The only way to do that that I could think of is to make the whole process semi-automatic and community-driven, i.e.:
- at first critical updates are tagged as 4-5 updates and hidden to the user;
- more experienced users install them and report on a specific forum section (or on Segfault, or any other appropriate location); by report I mean "It works for me on this hardware: X Y Z" (with proper and longer reports if/when there are problems);
- the devs also raise their antennas about possible problems on Ubuntu systems (they can be our guinea pigs, no offense meant
- when there have been enough positive reports and no problems have popped up, the packages are bumped to 1-3 level, so that all users will install them.
What do you think? I believe the LM community can make this a straightforward process.
Rehdon
Note, however, that I also installed LM for my son, who is not Linux savvy; and for a co-worker of mine, who likewise has little to no experience with Linux. I imagine that many of us have done it for friends, relatives, etc. Now, the end result is that critical security updates are never applied on those systems (unless I step by and do it, that is) and this certainly can't be seen as a good thing, or dismissed altogether as a "but you can do that by other means": sensible defaults, one of LM strong selling points, matter all the more in this case because there are users who will never modify them, or look for alternatives to them.
If we want LM to be a suitable for all distro, this problem has to be solved. The only way to do that that I could think of is to make the whole process semi-automatic and community-driven, i.e.:
- at first critical updates are tagged as 4-5 updates and hidden to the user;
- more experienced users install them and report on a specific forum section (or on Segfault, or any other appropriate location); by report I mean "It works for me on this hardware: X Y Z" (with proper and longer reports if/when there are problems);
- the devs also raise their antennas about possible problems on Ubuntu systems (they can be our guinea pigs, no offense meant
- when there have been enough positive reports and no problems have popped up, the packages are bumped to 1-3 level, so that all users will install them.
What do you think? I believe the LM community can make this a straightforward process.
Rehdon