What's a security update? I don't expect them to be responsible for my security - that's my burden as the user to make sure that I'm using software and files I personally trust.
The user is not usually in a position to decide if they need updates or not or to judge whether or not they are putting themselves at risk by not updating the machine.
That's a terrible analogy. I have been shaming people for bad security practices and self-righteous ignorance for many years (even before 9/11 ironically!).
I've seen too many people have been wrong and had a bad outcome including complete data loss and in one case livelihood being shot entirely. This isn't a random assertion from thin air. You can't trust people to look after their computers.
Why don't you want security updates? Personally, on all OSes I use I just want security updates to happen. My time is too valuable for me to go reading about every minor security update, when I will just install it anyway.
When users are used to updates screwing them over generally, it's not a surprise that we start to find people who don't want to update and disregard the security entirely.
I find it ironic that you're in the security industry, yet have no interest in getting security updates as quickly as possible.
We're not talking about major updates here, we're talking about updates that take about 30 seconds to apply plus a reboot, once a week and you know you're always running the latest and greatest from a security standpoint. Most change nothing from a user perspective.
Of course, you're free to treat these updates as you like, I typically only patch about once a month or when there's a major remote vulnerability.
You assume I wanted to make the update in the first place.
I invite you to review roll outs of security updates. These are rarely about pushing new features, and may have nothing to do with my own code at all. It might just be a version bump to my dependencies config (if a dep manager with shared libraries is involved), or just a refresh of my flatpak equivalent. But, either way, shit breaks in weird and wonderful ways, and there is little I can do but wave my arms frantically at customers.
Unfortunately, it's been established for a long time now that users cannot be trusted to perform updates by themselves, no matter how naggy you get about it, even for the most critical of security fixes.
Automatic updates, again unfortunately, are critical to safety.
Nobody that I know cares the least bit if they get security updates or not. Could be that it changes if there ever comes along a widespread exploit that won't get patched, but currently it's just not a concern especially for any non-techie.
reply