Dave.Smith@st.com wrote:
On Thu, Apr 24, 2003 at 12:04:36PM +0200, fyrbrds@netscape.net wrote:
There should at least be an option for totally unattended
updates, maybe a check box that pops up a warning before continuing. Or how about an unattended update that runs on a schedule say, 0330 on Sunday nights. Alas, I guess we can only dream. You would probably have to set an alarm to wake up and click next to finish it. :)
There are other issues with this - apart from the extra bandwidth that SuSE's site would experience (since making it easier will cause more people to use it),
Oh my gosh! Ease of use may cause more people to update their system more often thus ensuring that there are less vulnerable systems out there to crack? Heaven knows we don't want that!
it would also make the automatic update site a prime target for cracking - all a cracker would have to do would be to get in to SuSE's site, and within hours, they would own hundreds, thousands, or even hundreds of thousands of boxes worldwide. A single point of failure on a system with so much automation is a significant security hazard, and just screams "crack me".
<snip>
Not really. You can use cron now to rsync/ftp your updates then rpm-install them in mass right now. This isn't considered a major security hole so why would an easy graphical tool be a hole? Also, do we want to admit that MS can offer this service for XP using WINDOZE servers, but linux is too insecure to do it? I don't think so. In theory it wouldn't cause a bandwidth problem either because suse could use mirrors like they do now with online update. If connections are max'ed out, the software would just keep trying until it connects. Since it would be unattended, why would you care? As long as it's done when you wake up or come to work in the morning. Besides, what's to say that everyone would set their updates at the same time? I mean 0300 Sunday night for me is Monday afternoon for Tokyo. And not everyone would choose the same time. Just my 2 cents. John