[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Userops] Userops Acid Test v0.1
|
From: |
Christopher Allan Webber |
|
Subject: |
Re: [Userops] Userops Acid Test v0.1 |
|
Date: |
Tue, 03 Nov 2015 15:32:53 -0600 |
Asheesh Laroia writes:
> Sorry to keep self-replying here.
>
> Another aspect for your "Security" list:
>
> * Automatic updates.
>
> People don't update the free software they self-host. Mozilla doesn't;
> Pirate Party doesn't; La Quadrature du Net doesn't; Wikimedia doesn't;
> Framasoft doesn't; and so on. You can see the evidence for that here:
> http://blog.etherpad.org/2015/03/04/update-your-etherpad/
>
> So we now have the data: if there are no auto-updates, people do not
> update, even with free software. The world has run the study, and the blog
> post at etherpad.org shows the data.
>
> I write the above _intending_ to sound dogmatic; I think this is a lesson
> that the free software world as a whole has not learned, so I am passionate
> about making the point.
I think the auto-update approach has a problem: it means that every
application becomes its own package manager. I don't think we're going
to reduce the complexity of our systems via this approach. I already
have too many package managers to handle! Each of my applications
having one won't make things easier for me, I think.
However the blogpost is good, it definitely appropriately raises the
right concerns. It's extremely worrying that even largeish free
software orgs can't manage to get their stuff updated. However I think
going into detail about that will move back towards the motivations for
"userops" in the first place... so good to see more motivation for doing
userops things!